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VO (54) Title: METHOD AND SYSTEM FOR MANAGEMENl^ OF MULITPLE NETWORK RESOURCES 

00 

00 

^ (57) Abstract: A method and system for management of a plurality of resources in a network environment. The system uses web 
^ technology, preferably XML-technology, to receive and store information related to back-end resources and to provide a framework 
^ by which client computer systems can manage the plurality of back-end resources in a uniform manner. Using these communica- 
tions, the management system uniformly associates information from the various resources via various multi-step, scenario-based 
Q functions, such as, for example, searches, monitoring, scripting, software deployment, etc. That is, the management system is able 
^ to provide easier, higher- level operation options to the administrator based on the associated information related to the various re- 
^ sources. 
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METHOD AND SYSTEM FOR MANAGEMENT 
OF MULTIPLE NETWORK RESOURCES 

5 This application is being filed 1 1 December 2001 as a PCX application by 

MICROSOFT CORPORATION, a United States national and resident, designating 
all countries except US. 

Technical Field 

10 The present invention relates to methods and systems for managing multiple 

resources in a network environment. More particularly, the present invention relates 
to providing a method and system for performing scenario-based tasks requiring 
interaction with multiple resources while providing a uniform user-interface for each 
of the multiple resources. 

15 Background of the Invention 

Network administrators, also known as information technology staff, perform 
many operations throughout each day in order to manage a number of different 
resources associated with ttieir respective networks. These networks may comprise 
any number of hardware related computer resources, e.g., printers, compute 

20 stations, severs, etc., as well as a number of software related resources, such as 
databases, employee profiles, email servers, applications, among others. Typically, 
each of these resources has a uniquely different fix)nt end or user interface that the 
administrator must use to modify, evaluate or otherwise configure that resource. 
Consequently, in order to perform their duties, administrators must be familiar with 

25 many different types of systems. 

The resources are typically managed directly at the resource itself, or 
rraiotely via a two-tier type of connection. The two-tier system involves (1) a client 
computer system or "fiont-end" and (2) flie resources themselves or ••back-end". In 
the two-tier model, the client computer system must be connected to the resources, 

30 potentially through a network server, and have all the necessary software installed on 
the fit>nt-end to effectively manage the resources. The software relates to the front- 
end user interface for each different resoxu-ce. 

One of the problems associated with this two-tier system, in terms of 

1 
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netwoik administratioxi, is that it is necessaiy to store and manage the appropriate 
"fiont-end" applications for each resource, or set of related resources, at each client 
location where netwoik administration will take place. By placing the appropriate 
"fix)nt-end" applications at the client computer level, the two-tier architecture 
5 requires a significant and ongoing investment in technology, software, and data 
updates. 

An additional drawback to this two-tiered system is that each of the resources 
and their respective front-end user interface applications operate uniquely and 
independently for each of the resources being managed. Therefore, when a complex 
10 multi-step task (or complex scenario) must be performed, the independence of the 
resources requires that each sq)arate front-end be accessed to perform frmctions 
associated with performing one step of the multi-step task or otherwise performing 
the individual parts of the scenario. For example, in order to add a new user to a 
network system, many tasks must be completed, such as adding the user to the 

i 

15 employee database, setting up the user's computer, setting up an email account for 
the user, providing the user with a security badge, etc. The independent nature of 
the various resources required to perform these tasks results in multiple, sometimes- 
repetitive actions that must be perTomaed for each front-end appUcation each tune a 
obtain task must be completed. For instance, when trying to find infomiation 

20 associated with a task, such as a particular user, many different resources must be 
accessed, again, using unique front-end applications, to search for the information 
relevant to a particular topic. Unfortunately however, accessing different resources 
in this manner is time consxraiing and requires a mastery of many types of 
appUcations and front-ends. 

25 Another drawback associated with network administration, as so far 

described, is that in order to effectively manage each of the varied resources 
associated with a given network, a network administrator must be expertly familiar 
with each of the "front-end" applications or user interfaces that are used to control 
the resources. As such, significant training time and expense is required for an 

30 administrator to learn, and keeping cuirent with, the functioning of each of the 

varied resources associated with the network, as well as the various associated front- 
end applications or user interfaces. 
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It is with respect to these and other considerations that the preset invention 
has been made. 

Summary of the Invention 

This invention relates to a management system for managing computer- 
5 related resources within a distributed or network relationship. The management 
system or "portal", also uses web technology, preferably XML-technology, to reduce 
the overhead associated with existing management tools that depend heavily on a 
two-tier system having cUent computer systems connected to the conaputer resources 
fliemselves - which are inherently non-uniform m nature and make administration of 

10 conq>uter sjrstems difficult. In an embodiment of the invention, the management 
tool is a scalable, web«-based management fiamewoik that manages a plurality of 
back-end resources in a uniform manner. The resources conmiunicate with the 
management system via a conforming dialog, which is schema driven. Using these 
communications, the management system uniformly associates information from the 

15 various resources via various multi-step, scenario-based functions, such as, for 
example, searches, monitoring, scripting, software deployment, etc. That is, the 
management system is able to provide easier, higher-level operation options to the 
administrator based on tiie associated information related to the various resources. 
With respect to certam aspects, the present inv^tion relates to a system for 

20 managing a plurality of resources, the system having a management module in 
communication with the plurality of resources. The management module is capable 
of receiving a request to access information related to one or more of the plurality of 
resources and in response to the receipt of a request to access information, the 
management module accesses information from more than one resource. The 

25 management module may have a configuration manager for receiving information 
from a plurality of resources and a configuration store for storing predetermined 
information for the plurality of resources. Additionally, the configuration manager 
installs resources such that the management module can modify configuration 
information for the plurality of resources in response to a request Moreover, in one 

30 embodiment, each of tiie pluraUty of resources provides information to the 
configuration manager in XML format. 

In accordance with other aspects, the plurality of resources managed by the 
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system contain one or more objects. Each of these objects has one or more 
attributes, each attribute having a data field and a value. Similarly, each object has 
one or more associated tasks that may be performed on the object. In this case, the 
management module accesses attribute and task information firom the associated 
5 resources in response to a request to access information. Additionally, the attribute 
and/or task information for a singular object may be provided by more than one 
resource and/or accessed by more than one resource. In one embodiment, each 
object is defined by a property sheet and the attribute and/or task information is a 
property page in the property sheet. A propCTty sheet manager may be used to 

10 receive and store property sheet information related to managed objects. 

In accordance with yet other aspects, the present invention relates to a system 
havmg a configuration manager for receiving information fix>m a plurality of 
resources, each resource having associated objects; a configuration store for storing 
predetermined information for the plurality of resources; and a search manager 

15 adapted to receive predetermined search information fix)m a plurality of resources;, a 
search data store adapted to store predetermined search information for the various 
resources; and wherein the search manager searches the plurality of resoiurces in 
response to a single search request. In another embodiment, the system may have a 
task manager in place of, or in addition to the search manager. The task manager 

20 receives task information &om the configuration manage related to tasks that may 
be completed in managing the plurality of resoxuces. 

Additionally, the present invention relates to a method of managing a 
plurality of resources, each resource having managed objects, wherein each of the 
objects has associated attribute and task information. Initially, the method relates to 

25 the acts of receiving information fi'om a resource related to attribute information for 
a managed object and receiving information fi'om a different resource related to 
attribute information for the same managed object. The method then stores &e 
information received fi:om the second resource with flie information received from 
the first resource in association with the first managed object. Next, in management 

30 of the resources, the method relates to receiving a request to access information 
related to the managed object and accessing stored information firom the first and 
second resources to access information related to the managed object The method 
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may fiirOter include creating a property sheet for the managed object and associating 
a first property page and second property page with the property sheet 

In accordance with yet other aspects, the method may further relate to 
receiviag a search or task request from a client computer system and searching a 
5 plurality of resoxirces in response to the single search request using information 
associated with the property sheet or requesting task completion from a pl\irality of 
resources. The method may frirther include the act of sharing search information 
between resources. 

The invention may be implemented as a computer process, a computing 
10 system or as an article of manufacture such as a computer program product. The 
computer program product may be a computer storage medium readable by a 
computer systOTi and encoding a computer program of instructions for executing a 
computer process. The computer program product may also be a propagated signal 
on a carrier readable by a computing systan and encoding a computer program of 
15 instructions for executing a computer process. 

A more complete appreciation of the present invention and its improvements 
can be obtained by reference to the accompanying drawings, which are briefly 
summarized below, and to the following detailed description of presentiy preferred 
embodiments of the invention, and to the appended claims. 

20 

Brief description of the Drawings 
Fig. 1 illustrates a distributed network system incorporating aspects of the 
present invention. 

Fig. 2 illustrates a computer system mcoiporating aspects of a resource 
25 management system according to the present invention. 

Fig. 3 illustrates a software environment for implementing the present 
invention, the software environment including a resource management system of the 
present invention as well as various resources managed by the resource management 
system and managed objects with the managed resources. 
30 Fig. 4 is a flow diagram showing ttie operational characteristics performed by 

the resource management system shown in Fig. 3 in adding a new resource to the 
system. 



5 
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Fig. 5 illustrates an exemplary screen display representing a managed object 
havittg a property sheet and the extensibility of the property sheet by way of 
property pages according to one embodiment of the invmtion. 

Fig. 6 is a flow diagram illustrating the operational flow characteristics 
5 performed by the resource management system in extending an existing property 
sheet according to one embodiment of the invention. 

Fig. 7 illustrates a software environment for perfomtiing a multi-step task in 
an embodiment of the invention. 

Fig. 8 is a flow diagram showing the operational characteristics performed by 
10 the resource management syst^ and the task manager, shown in Fig. 3 in 
displaying a task list in an embodiment of the invention. 

Fig. 9 is a flow diagram showing the operational characteristics performed by 
the resource management system in creating a script in accordance with aspects of 
the present invention. 
15 Fig. 1 0 illustrates a software environment for perfonning a search in an 

embodiment of the invention. 

Fig. 1 1 is a flow diagram showmg the operational characteristics performed 
by the resource management system and flie search manager, shown in Fig. 3 in 
executing a search in an embodiment of the invention. 
20 Fig. 12 illiistrates general features of a graphical user interface management 

console incorporating various elements for controlling and accessing the resource 
management system shown in Fig. 3. 

Fig. 13 illustrates various features of the management console shown in Fig. 

12. 

25 Fig. 14 illustrates additional features of, and further embodiments of, the 

management console shown in Fig. 12. 

Figs. 15-19 illustrate various details and features of a quick search tool 
shown in the management console of Fig. 14. 

Fig. 20 illustrates user interface elements that are generated in the 
30 management console of claim 3 as a result of a search performed with the quick 
search tool shown in Figs. 15-19. 



6 
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Fig. 21 illustrates various details and features of an explorer tool shown in 
the graphical user interface of Fig. 14. 

Fig. 22 illustrates various elemrats of an exemplary module for use in the 
management console shown in Fig. 12. 
5 Fig. 23 illustrates another embodiment of an exemplary module for use in the 

management console shown in Fig. 12. 



Detailed Description of the Invention 

A distributed environment 100 including aspects of the present invention is 

10 shown in Fig. 1 . The environment 1 00 has at least one client computer system, such 
as client computer systems 102 that communicates with at least one server computer 
system, such as server computer system 104, in a distributed environment 106, such 
as the Intemet or some other distributed environment, e.g., a WAN, LAN, etc. The 
server computer system 104 is used to manage one or more resources 108. The 

15 resources 108 generally relate to computer-resources that may be managed by a 
network administrator. The resources 108, may mclude hardware devices, such as 
printers, workstations, servers, etc. and software related elements such as databases, 
security systems, email accounts and user accounts, among others. For example. 
Resource 1, shown as 1 10 in Fig. 1, may be an email system that controls the email 

20 for a particular network, and where Resource 2, shown as 112 relates to all the 

printers for that network. As may be appreciated, the network may have any number 
of resources, as shown by Resource N 1 14, wherein "N' relates to any variable 
number of resources. 

Importantly, the type and scope of the resources 108 is most hkely different 

25 from one network to another and, therefore, the scope of the present invention relates 
to manageable resources in general, as opposed to one specific set of resources. 
Additionally, potentially new and different resources that may be managed using 
aspects of the present invention may emerge over time and the present invention is 
not limited by the fact that these resources were not available previously. Indeed, 

30 use of the present invention lends itself to the generation of new and different 
resources that operate in conjunction with the present invention. 

The resources 108 are operably connected to the server computer system 104 
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such that infoimation can be sent to and received from the resources. These 
connections are common in distributed environments, and may be wireless or not 
The protocols used to communicate between the lesources and server computer 
system may be proprietary to the resource and/or the server 104. However, the 
5 protocol used should preferably allow for ability to control various features of the 
resources, such as being able to modify the configuration of the resource, such as 
being able to update its database, change its security options, etc. 

The client computer system 102 may coimntmicate with the server computer 
system 104 via many different protocols over various types of connections. As 

10 shown in Fig. 1, the systems 102 and 104 may communicate via the Internet 106 
using Hypertext Transfer Protocol (HTTP), mark-up languages, or some other 
communication protocol suitable for use with, for example, the Internet. In a 
particular embodiment, client computer system 102 is a Microsofl.NET client, but 
other, non-Microsoft.NET cUents may be used, 

IS During operation, the client computer system 102 accesses information firom 

the server computer system 104. The mformation accessed relates to the various 
resources 108. Once accessed, cUent computer system 102 displays a graphical user 
interface 1 16 to be used in managing the resources 108 or, in other ^bodiments, 
command line interfaces may be used. The client computer system 102 has a 

20 graphical user interface 1 16 to provide effective management capabilities of 
computer resources 108 through the server computer system 104. Alternative 
embodiments, however, do not use the graphical user interface (GUI) 1 16, but 
instead use other means of providing and receiving information firom and to the user 
of the client computer system 102. As discussed in more detail below, the interface 

25 provides consistencies with respect to being able to manage the various resources, 
even though each resource may still have some of its own unique characteristics. 

In one embodiment, the present invention relates to a browser ^plication 
ttiat operates in conjunction with a management module or system to coordinate 
operations and events behind a firewall, such as between the server computer system 

30 104 and the resources 108. In a particular embodiment, the management system is 
integrated with an "Enterprise Namespace" (which catalogs objects and tasks across 
an operational domain) and all user interactions are schema driven using distributed 
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services to perform all management tasks. That is, all interaction between the 
browser application and the management module is e)q)ressed in XML or some other 
schema-driven language. 

Similarly, commxmications between the management system and other 
5 resources may also conform to a defined schema. Requiring conforming 

communications between resources and the management layer provides the ability to 
share or associate related information from different resources and to logically 
combine sub-fimctions and property information. In turn, using the associated 
information, the management module may provide advanced capabilities to the user 

10 by allowing task or scenario-based operations that effectively manage the multiple 
resources 108 in response to merely a few requests, e.g., one request to add a user 
may effectively modify information in two or more resources. As discussed in more 
detail below, the management module may include many different sub-modules or 
components that carry out various multi-step task or scenario-based management 

15 functions. Additionally other modules may also be incorporated to perform saipting 
functions (not requiring a User Interface), searching functions, customization and/or 
other administrative fimctions using the associated information fix>m the plurality of 
resources 108. 

An exemplary computer system 200 fliat may be used to perform the 
20 functions of either the client computer system 102 or the server computer system 
104 to manage the various resources 108 within the system 100 according to the 
present invention is shown in Fig. 2. The system 200 has a processing unit or 
processor 202 and memory 204. In an alternative embodiment of the invention, the 
system may have multiple processors (not shown). 
25 . In its most basic configuration, the computing system 200 is illustrated in 

Fig. 2 by dashed line 206. Additionally, the system 200 may also include additional 
storage (removable and/or non-removable) including, but not limited to, magnetic or 
optical disks or tape. Such additional storage is illustrated in Fig. 2 by removable 
storage 208 and non-removable storage 210. Typically, the bulk of the database 
30 information is stored in such additional storage. Computer storage media includes 
volatile and nonvolatile, removable and non-removable media implemented in any 
method or technology for storage of information such as computer readable 
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instructions, data structures, program modules or other data. Memory 204, 
removable storage 208, and non-removable storage 210 are all examples of 
computer storage media. Ck>mputer storage media includes, but is not limited to, 
RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, 
5 digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic 
tape, magnetic disk storage or other magnetic storage devices, or any other medium 
which can be used to store the desired information and which can be accessed by the 
system 200. Any such computer storage media may be part of system 200. 
Depending on the configuration and type of computing device, the memory 204 may 

10 be volatile, non-volatile or some combination of the two. 

The system 200 may also contain commimications connection(s) 212 that 
allow flie device to communicate with other devices. The communications 
connection(s) 212 is an example of communication media. The communication 
media typically embodies computer readable instructions, data structures, program 

15 modules or other data in a modulated data signal such as a carrier wave or other 
transport mechanism and includes any information delivery media. The term 
'"modulated data signal" means a signal that has one or more of its characteristics set 
or changed in such a manner as to encode information in the signal. By way of 
example, and not limitation, communication media includes wired media such as a 

20 wired network or direct-wired connection, and wireless media such as acoustic, RF, 
infrared and other wireless media. The term computer readable media as used herein 
includes both storage media and communication media. 

System 200 may also have input device(s) 214 such as keyboard, mouse, 
pen, voice input device, touch input device, etc. Output device(s) 216 such as a 

25 display, speakers, printer, etc. may also be included. All these devices are well 
known in the art and need not be discussed at I^gth here. 

In an embodiment, a software environment 300 incorporating aspects of the 
invention may be illustrated as shown in Fig. 3. The envuronment 300 mcludes three 
componaits: a client computer systrai 302, a management module 304, and 

30 resources 306. A first component 302 relates to the client computer system 302, 
which is used by a network administrator to manage various resources. The second 
component 304 relates to a management module that communicates with the cUent 
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compute system 302 to facilitate management of resources 306. 

In an embodiment, the system 302 includes client computer system software 
308 and a user inter&ce module 310. The client computer system software 308 
provides sevoral fimctions. For mstance, the software 308 communicates with the 
5 management module 304 to provide requests for information and/or requests for 
tasks to be completed This commimication may be performed in any number of 
ways, e.g., it may involve the transfer of information across a network connection, 
such as the Internet or it may involve communication between two separate 
processes in a single machine. Some of these various connections are discussed 

10 above with respect to Fig. 1 . 

Additionally, the client computer system software 308 also communicates 
with or provides fimctionality to the user through the user interface module 310. 
The user interface module 310 may employ a GUI, such as GUI 1 16 shown in Fig. 
1, or may employ a command line interface. In one embodiment, discussed in detail 

15 below, the user interface includes a web browser application 3 1 1 to present the GUI 
1 16. To fiicilitate the presentation of the GUI in the web browser 3 1 1, the interface 
module 310 may also include an applet 313. Details regarding both the web browser 
313 and the applet 313 are provided below. The user interface 310 may finlher 
include other elements such as mput elements, e.g., keyboards, touch screens, touch 

20 pads, mice, among others. The user interface 310 may also mclude output elements 
such as the graphical user interface 1 16, as shown in Fig. 1, or other output elements 
such as printers, speakers, etc. An end user, such a network administrator, 
communicates with the computer system software 308 through the user interface 
module 310. In turn, the computer system software 308 communicates with the 

25 management module 304 to effectively manage resources 306. 

With respect to the resources 306 shown in Fig. 3, the resources 312, 314, 
316 are sunilar to resources 110, 112, 114 shown in Fig. 1. Again, these resources 
may relate to any computer resource that may be managed by a netwoik 
administrator. These resources may involve software and/or hardware components. 

30 The resources may fiirther include resource APIs, such as APIs 3 1 8, 320, 322. 
Resource APIs relate to application program interface modules that allow 
communication between the resource itself and a separate computer system, such as 

11 
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the management system 304. These APIs may be standard or custom designed to 
&cilitate communication and ey^tual management of the lesouices. 

In an embodiment, each of the resources 306 has a datastore, such as 
datastores 323, 325 and 327 for storing information related to that resource, 
5 Additionally, each resource 306 manages one or more objects, such as objects 329, 
331 and 333. An object is a particular set of data and information describing that 
data. For instance a user object may relate to a particular user in the network and the 
object may include relationship or meta information about the user. Of course, the 
various resources may manage other objects, such as objects relating to specific 

10 hardware units, e.g., printers or workstations, or to events or operations. Typically, 
the information stored about an object relates to particular properties or attributes 
assigned to the object. In the example relating to a user object, the information may 
identify attributes such as, for example, name, address, title, etc. In addition, the 
information stored may also indicate the type of actions that can be taken with 

15 req}ect to an object, e.g., edit user information, delete user object, etc. 

In a particular embodiment, resources may be created by a resource 
developer. Before creating a resource, a developer must know what objects, e.g., 
objects 329, will be managed, and what object tasks will be available to tfie user of 
the resource in managing those objects. For example, an object may relate to system 

20 users, and a task may involve resetting a user's password. Next, the following XML 
documents may be created: (1) an Object Type XML document, which provides a 
description of the object types used by the plugin; (2) a Plugin Information XML 
document which provides plugin configuration and version information; (3) a 
Property Sheet XML document which provides property sheet information; and (4) a 

25 Task XML documrat which provides information about the tasks available for the 
plugin's objects. The XML documents can be created using any text editor or XML 
authoring tool. The XML documents describe ttie plugin and the plugin objects, 
tasks, and property sheets. 

Next, in tiiis embodiment, a Microsoft ".NET Framework" assmibly is 

30 created. The assembly for the plugin may implement the following interfaces: 
IPluginPropertySheet, IPluginScope, and IPluginSearch, which, in general, 
implement methods for managing property sheets, search functions and other 
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elOTients of the plugm. In order to manage the plugin, these interfeces may be 
accessed by the system management environment 304. 

The management module 304, which may be present on a server computer 
system such as 104 shown in Fig. 1, provides a **middle tier" of the management 
5 system 100 shown in Fig. 1 . In a particular embodiment, the environment 300 is 
based on the Microsoft ".NET" framework. The server-side functionality may 
potentially be written in C# and communicate via nS and ASP+ and be hosted on a 
single server or on a web farm. The management module 304 may be located in a 
separate domain to &e client and also to the managed resources and communication 

10 can take place between firewalls. In this embodiment, the managed resources can be 
written in any .NET compliant language, for example, C# or VB J^ET. The 
managed resources preferably also expose certain web services to facilitate 
communication with the management module 304. Additionally, the management 
module 304 may be a web service associated with the .NET framework. Web 

15 Services are described in more detail in the article titled "The Programmable Web: 
Web Services Provides Building Blocks for Microsoft .NET Framework" from the 
magazine "MSDN Magazine" September 2000 issue. 

The management module 304 uses many elements to facilitate management 
of the resources 306. In an embodiment of the invention, the management module 

20 304 has a plurality of managers that operate relatively independently to perform 
various functions in managing the resources 306. Each manager may fiirther have a 
store of information that resides on the computer system housing the manager itself 
as discussed in more detail below. In an embodiment of the invention, the 
management module 304 has a search manager 324, a user interface manager 326, a 

25 task manager 328, a configuration manager 330, a property sheet manager 332, and a 
persistence manager 334. In alternative embodiments the management module 304 
may include other managers. Moreover, in yet other embodiments, the management 
module may incorporate fewer managers than shown in Fig. 304. The various 
managers communicate with each other as indicated by connection 335 shown in 

30 Fig. 3. 

In general, a manager is a component that is data driven so that it is available 
relatively automatically in the management module 304 for use by any other 
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manager or component within system 304. In addition, ottier management hosting 
user-interface components may be incorporated into the module 304 as needed for 
specific administrative functions^ e.g., user management, operations manag^ent, 
configuring services, etc. These components may be created by third parties and 
5 used to provide specific user-interface support for their specific resources. 

With respect to the user interface manager 326, the manager 326 provides the 
interface fimctionality between the management module 304 )md the client computer 
system software 308. In an embodiment, the user interface module provides many 
advanced features, e.g., the user interface manager 326 may customize output 

10 information for a particular client conq)Uter system. Consequentiy, the user interface 
manager 326 allows for the use of many different types of client computer systems, 
e.g., laptops, desktops, PDAs, cell phones, etc. The user interface manager 
communicates with the client computer system to provide the proper format and 
amount of output information, as well as input information. Furthermore, the user 

15 interface manager may adapt to many difiBerent network protocols which may be 
used across the distributed network. 

Details of the user interface manager 326 and the interaction between the 
management module 304 and a web browser operation on the client computer 
system 302 are provided below. 

20 In general, the persistence manager 334 functions to store various predefined 

and authored layouts of a management console graphical user interface (console 
layouts) that is described in detail below. The persistence manager preferably stores 
these console layouts as XML type files in a memory, such as persistence store 346, 
shown in Fig. 3. 

25 With respect to tiie search manager 324, it generally parses and performs 

search operations on portions of data stored and used on the system 300. Typically, 
tiie search manager receives a query &om the clxeat con^uter system software 308, 
and performs the query using information stored in search store 336 as well as 
through functional mteraction with the back-end resources 306 to thereby supply 
' 30 search results back to the client 308. 

Similarly, the task manager 328 receives task requests firom the cUent 
computer syston software 308 and is involved in executing those tasks. The tasks 
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generally relate to actual management or configuration type tasks, such as adding 
new users to the network, but may also refer to otber tasks such as providing task 
related information to the user. The task manager 328 may perform tasks by 
interaction wifli one or more back-end resources 306. To cany out a requested task, 
5 the task manager 328 has instructional information stored in task store 340 used to 
recognize the functions to be performed in carrying out a specific task, such as, for 
example, which resources must be notified or used in performing the task. For 
instance, in adding a new user to the network, the task manager 328 may need to 
send new user information to an employee database managed by a SQL server, to an 

10 email server and to a security-clearance application, among others. In such a case, 
the task manager may store, in task store 340, the set of application or resources that 
must be notified of the fact that a new user is being added. The task manager 328, 
the search manager 324 and other managers are discussed in more detail below as 
they relate to the actual management of the resources 306; 

15 Prior to management of a resource, the resource must be installed or 

registered with or on the system. Fig. 4 illustrates the operational flow 
characteristics related to the registration of a new resource to the management 
module 304 shown in Fig. 3. Prior to ttie start of flow 400, tiie resource will be 
created by a developer or some other third party as described above. The purpose of 

20 the process 400 relates to the registration of that resource in such a manner as to 
hook it into the management system 300 and to thereby allow for the various 
managers described above to access and manage the installed resource. Hence, the 
resource is to be included in the framework of the system, such as system 300 and 
will eventually be managed by the management module 304. Furthermore, through 

25 the registration process, the installed resource thereafter recognizes a method of 
commnnication with the management module 304 and, typically, all communication 
between the two are performed according to that protocol or method. 

Initially, flow 400 begins as receive operation 402 receives a request 
indicating that a resource or "plugin" is requesting to be installed on the system. 

30 Resources that hook themselves into the management module 304 are generally 
referred to as plugins, where the plugin is the portion of the resource that 
communicates with the management module by sending and receiving messages. 
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The request may be made by the resource itself or the system may recognize that a 
new resource is being plugged into the system, thus generating the request. In an 
embodiment the configuration manager 330 (Fig. 3) receives the request. The 
request, as well as other provided information, is in a predetermined format, such as 
5 in XML, so that the management module 304 understands the configuration 

information. The request typically includes some predetermined information, such 
as the name of the resource, the location of various XML files, among others. 

In a particular embodiment, Ike configuration manager 330 is a web service 
that supports defined methods that any plugin can call into to register, to im-register, 

10 and/or to update its install information. In this case, the request &om the plugin 
merely executes one or more of these methods. Also, in this particular embodim^t, 
the information provided by the plugm, relates to the directory where the plugin is 
installed on the network, such that the system or configuration manager 330 can find 
more information about the plugirL 

15 Besides installation information, during the initial communication phase 402 

between a plugin and the system, the plugin may provide other information relating 
to the objects, such as objects 329, 331 and 333 (Fig. 3) managed by that plugia 
For instance, receive operation 402 may receive information fi^om the plugin relating 
to the types of objects to be exposed to the system upon completion of the 

20 installation process, attributes of those objects, available actions that may be used on 
those objects, and searchable criteria for those objects. The plugin may further 
provide information as to other types of objects that are recognized, but not 
necessarily exposed, by the plugin. Moreover, the plugin may provide available 
actions that may be accessed that relate to objects managed by another plugin to 

25 effectively extend the existing object. 

As an example, an Active Directory plugin may exist on the system and it 
may expose objects relating specific users, known in a preferred embodiment of the 
invention as user objects. Subsequently, an email application may be installed tfiat 
recognizes user objects, and specifically provides an email address attribute to 

30 existing user objects. Furthermore, the email application may provide available 
actions to user objects, such as editiag email addresses, sending email messages, 
activating or deactivating an email account, etc. These attributes and actions relating 

16 
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to existing objects are commumcated to the configuration manager during receive 
operation 402. As discussed below, receiving such additional information provides 
the ability to extend the user object to include the additional information. 

Upon receiving information firom the plugin, evaluate operation 404 checks 
5 the information in the provided directory to ensure that the plugin is installed 

correctly. In an embodiment, the configuration manager makes sure that the plugin 
is installed with the coirect XML file fomiats and validates the web service 
interfaces that the plugins need to expose to the system 304. 

Following evaluate operation 404, supply act 406 supplies relevant 

10 information to other managers, such as the task manager 328, query or search 
manager 324, and/or the property sheet manager 332. The act of supplying the 
information may be performed in a number of ways. For instance, the configuration 
manager 330 may sort through the various information provided by the plugin and 
then send the information to each manager that may find a particular piece of 

15 information relevant. In such a case, each attribute or property provided by the 
resomce is evaluated to determine if anoth^ manager in the system may be 
interested in the new resource, or some portion thereof. Upon determining that 
another manager may be interested in information firom file new resource, the supply 
operation 406 effectively notifies the other manager of the information, hi another 

20 embodiment, the configuration manager 330 may initiate an event that is picked up 
by other managers, wherein the event indicates fliat a new plugin has been installed 
and is requesting registration. Consequently, each manager is responsible for 
locating and gathering the relevant information. 

Once the information has been supplied to the various managers, store 

25 operation 408 stores relevant information in local store(s). That is, each manager 
that receives information related to a newly installed and registered plugin stores 
some of the information, if relevant, in its local store. For instance, the task manager 
328 may evaluate the new information and determine that some task-related 
information should be stored in the local store corresponding to the task manager. 

30 As stated above, each manager may maintain a dedicated store of inforaiation for 
this purpose. 

Following store operation 408, the plugin is considered to be installed and 
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registered with the management module such that future management can be 
controlled througji the management module an4 therefore, the flow 400 cads at end 
operation 410. 

Although the flow 400 generally relates to adding a new resource to the system, it 
5 also relates to extending existing objects within the system. For example, assume 
the flow 400 is installing an email application to an existing system having an 
"Active Directory** application that exposes user objects. In this case, smce the 
email application supports usor objects, the supply operation 406 essentially supplies 
new user-object information to managers within the system and ttxe store operation 

10 408 stores the information for later use. The new user object information may 
include task information, e.g., creating a new email account, editing an email 
address, activating and deactivating accounts, etc. to the task manager. Similarly, if 
the email address is a searchable attribute, then this information may be 
communicated to the search manager 324, Essentially, the user object supported by 

15 the Active Directory is now also supported by the email appUcation. More 

importantly, combining information &om separate resources into a single, exposed 
object, provides a relatively comprehensive set of information about each user, such 
as all attributes and/or actions by simply accessing the object. 

Consequently, the flow 400 relates to the installation of a new resource and 

20 the sharing of information between separate modules to provide more 

comprehensive task handling as well. In the example provided above, assume one of 
the existing activities for user objects relates to adding a new user, as provided by 
the Active Directory. Next, assume that the email application was installed 
according to the flow 400 and that during the supply operation 406, the task manager 

25 328 received supported, user-object tasks, including creating a new account for a 
new user. The task manager 328 may tiien recognize that when an "add user'' task is 
executed by the administrator, the system calls both tiie Active Directory application 
to add a new user profile and tiie email application to create a new email account for 
the new user. 

30 As stated above, in a particular embodiment, the addition of new resources is 

handled by the configuration manager 330 (shown in Fig. 3), which communicates 
with resources as they are added to the system. Preferable the resources are installed 
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on the system and then regist^ed with the management module 304. The 
configuration manage 330 may further configure the resources 306 to allow 
management of those resources, or at least perform a test operation to make sure the 
resources are installed in compliance with the necessary minimum requirements to 
5 allow other managers to access and manage the resource. For instance, as a new 
resource is added to the environment 300, configuration manager 330 comprises the 
software element that communicates with that resource in order to install the 
resource within flie system and evaluate whether the resource is properly installed. 
The configuration manager 330 also provides ofiier managers, such as the 

10 search manager 324 and the task manager 328, necessary information related to a 
newly installed and registered resource. Consequently, the various managers can 
store, within their respective stores, any information related to the new resource so 
that future communications are possible between the managers and that resoiurce. 
The new information may relate to the location of the new resource, how to 

15 communicate with the new resource, that the new resource should be contacted when 
a predetermined task is performed, the type of information necessary to perform the 
task, etc. 

As stated, in an embodiment flxe configuration manager 330 is a web service. 
Potential web service methods to the configuration manager 330 are provided below 
20 in Table 1 . The resources 306, as well as other managers, such as the search 

manager 324 and the task manager 328, may use the methods shown and described 
in Table 1 to get infomiation about the resources or plugins 306 installed on the 
system. 



Table 1: Methods to the Configuration Manager 



Method 


Example 


Description 


Pluginlnstalled 


String Pluginlnstalled( 
string 5Pa/^ 

); 

Where sPath is the relative path to 
the plugin to be installed 


This method is called by a 
plugin when it is done 
installing itself. 


PluginUnlhstalled 


String PluginUnIhstaIled( 
string sPath 

); 

Where sPath is the relative path to 


This me&od is called by a 
plugin when it is done un- 
installing itself. 
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the plugin to be uninstalled 




PluginUpdated 


String PluginUpdated( 

Sujllg Sl^uin 

); 

Where sPath is the relative path to 
the plugin to be updated 


This method is called when 
a plugin updates its 
installation. 


DisablePlugin 


String DisablePlugin( 
String sjrath 

); 

Where sPath is the relative path to 
the plugin to be disabled 


This method can be called 
by the admimstrator of the 
management module to 
Disable a plugin that is 
registered to the 
management module. 


EnablePlugin 


String EnablePlugin( 
string srath 

); 

Where sPath is the relative path to 
the plugin to be enabled 


This method can be called 
by the admimstrator of the 
management module to 
Enable a plugin that is 
registered to the 
Management Module. 


DisableAll 


String DisableAllO; 

DisableAll does not require any 
parameters 


This method can be called 
by the administrator of the 
Management Module to 
Disable all plugins. 


EnableAll 


String EnableAllQ; 

EnableAll does not require any 
parameters 


This method can be called 
by the administrator of the 
Management Module to 
Enable all plugins. 


GetPluginsXML 


String GetPluginsXMLO; 

GetPluginsXML does not require 
any parameters 


This method returns all the 
high level information 
about plugins, like their 
name, description and 
directory install path. 


GetLocalApplication 
RootDirectoiy 


String 

GetLocalApplicationRootDirectoryO 

9 

GetLocalApplicationRootDirectoiy 
does not require any parameters 


Plugins can use this method 
to get information about the 
Management Module 
Application directory. 


GetLocalApplication 
BinDirectory 


String 

GetLocalApplicationBinDiiectoryO; 

GetLocalApplicationBinDirectoiy 
does not require any parameters 


Plugins can use this method 
to get information about the 
Management Portal Bin 
directory. 


GetLocalApplication 
PluginDirectory 


oumg 

GetLocalApplicationPluginDirectoty 

0; 

GefLocalApplicationPluginDirectory 
does not require any parameters 


Plugins can use this method 
to get information about the 
Management Portal Plugins 
Directory 
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Using the methods shown and described in Table 1, in combination with 
flow 400 shown in Fig, 4, plugins can dynamically install, uninstall or update the 
infonnation they provide to the management module 304. Since the management 
5 module 304, in one embodiment, is a web based application, all the new resoxurces 
only need to be installed in one location and all their information is dynamically 
picked up by the different managers and translated into an integrated fix)nt end for 
the users. 

In a particular embodiment, the infomiation provided to the configuration 

10 manager 330 is provided in XML format. Using the XML format, the configuration 
manager 330 is able to parse the information and understand whether other managers 
need to be notified of any particular aspect of the XML file* Typically, the resource 
converts the file to XML format prior to a transmission to the configuration manager 
330. Altematively however, a separate component may be siq)plied by the system 

15 304 to perform the translation. 

The resources 306 manage objects, such as objects 329. Therefore, each 
resource 306 provides infonnation to the system 304 about its objects, e.g., resource 
312 provides infomiation about objects 329. In an embodiment, the resource may 
provide object infonnation in a property sheet which may be in XML format and 

20 which defines a generic object, e.g., such as a generic user object. Additionally, the 
property sheet may comprise one or more property pages. The property sheet may 
therefore relate to a combination of property pages. Bach property page is defined in 
an XML formatted portion of code that describes the layout, e.g., where the 
information is going to be rendered on the user inter&ce, what types of controls are 

25 located on the page, etc. Also the XML code for the property page may provide a 
pointer to a piece of code that populates data regions of the page as well as another 
pointer that identifies another piece of code that is called to modify the information, 
e.g., with a set or modify data command. 

With respect to certain aspects of the present invention, the property sheets 

30 that are exposed to the system 304 by one resource are extendible by other resources. 
Fig. 5 illustrates the concept of having a separate, independent application or 
resource extend an existing property sheet. In Fig. S, a property sheet representing a 
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particular user object is illustrated in display 500. Consequently, the display 500 
rq>resents the object itself. The object provides a title bar 502» an active region 504, 
and a scope list 506. The title displays the title of an object as defined by the 
property sheet. The active region 504 displays controls and data fields for one 
5 property page, as selected from the list 506. The Ust 506 lists the various property 
pages that may be displayed in the active region 504 that relate to the user object 
500. 

As shown in Fig. 5, the personal information property page control 508 has 
been selected and therefore the active region 504 displays the property page relating 

10 to the personal information for the particular user. Other selection controls for 
additional proper^ pages are displayed in the scope list 506, such as a job 
information control 510 and an email information control 512. Additional 
information about the visual representation of the schema at the client computer 
system is displayed below with respect to the management console, 

15 Independent resomces or appUcations may define one or more property 

pages associated with a particular object, such as user object 500 shown in Fig. 5. 
For example, assume that an Active Directory application exposed the user object 
500. Also, assume the Active Directory application defined various property pages, 
e.g., the personal information page relating to unique personal identification data, 

20 such as name, home address, employee number, etc. Additionally, assume another, 
job-related property page was also defined by the Active Directory appUcation and it 
included job-related information, such as the person's job title, building location, 
group, etc. Next, assume that another application is installed on the system, such as 
an email server. The email server may recognize user objects and supply a property 

25 page to be included in the user object property sheet, for instance to associate an 
email address with the user. Instead of creating a new property sheet, which would 
include much of the same information, such as the user's name, etc., the email 
address property page 512 is simply added to the user object property sheet. The 
information associated with the email address property page includes pointers to 

30 code located on the email server relating to available actions for a particular user 
object relating to email tasks. 

As stated above, the property pages may be based on an XML schema, which 
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defines both the types of controls that a prop^ page will contain and the layout of 
those controls on a page. Table 2 illustrates an example of a Document Type 
Definition or DTD that defines an XML schema for creating a property page. 
Table 2: Example DTD for an XML Schema for a Property Page 



^:JDi-/iiivixiiN 1 propcnyoueeis 


(propenyoneei'T 


<!ELEMENT propertySheet 


propertySheetlD, name, 
aescnpnon, geuLiaiaxianaier, 
(^seujaxatiancLieryproperiyjr agei^ ^ 


<!ELEMENT piopatyPage 


(propertyPagelD, name, 
aescnpnon, aunDUies,iayoui;'^ 


^iJoj^cjytuJN 1 auziDuies 


^annDuiei- )^ 


^lijjL/i^MiJiN 1 anriDure 


\^aiuiDuieiii, name, 

UClaUil V diUC < , QlSpiayXlUllS I 


^im-rCfiYLEirN 1 lay oui 




^;i-*jjJC»iViJz»iN 1 ruw 


/if «rn+^"> 




^^alUlDULeil^ ; , GlSpiayxXultSj-^ 


jLj^r^iviiirXN 1 uispiayjimis 


^ 1 jrpe, ^ 1 exi 1 Lraoei ) ; , rows x , 








wiuui ^i^/vi/\. Sty 16 

npftlncrlitltnn^ "lpfl'"> 






<IRT.FMFNT rows 




<!ELEMENT cols 


f#PCDATA\> 


<!ELEMENT propertySheetlD 


(#PCDATA)> 


<!ELEMENT propertyPagelD 


(#PCDATA)> 


<!ELEMENT attributelD 


(#PCDATA)> 


<IELEMEKrname 


(#PCDATA)> 


<!EL]^tfIENT descrqition 


(#PCDATA)> 


<!ELEMENT getDataHandler 


(#PCDATA)> 


<!ELEMENT setDataHaudler 


(#PCDATA)> 


<!ELEMENT defaultValue 


(#PCDATA)> 


<!ELEMENT Type 


(#PCDATA)> 


<!ELEMENT Size 


(#PCDATA)> 


<!ELEMENT Show 


(#PCDATA)> 



5 



An example definition of a property page is shown in Table 3. The exano^ple 
shown in Table 3 relates to the schema shown in Table 2 and defines a property page 
containing a gender data field allowiag the user to choose between male or female. 
The property page depicted in Table 3 also supplies the management module, such 
10 as module 304 shown in Fig. 3, with pointers to the code to populate the gender data 
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field and to handle the data once the user has selected a goid^. Further, the 
property page indicates its associated property sheet, i.e., tiie property sheet that 
includes the property page. 

Table 3: Example XML Property Page Definition 



propeztyPa9e> 

<proper tyShee 1 1 D> 

ActiveDirectory_Jlser_PropertySheet_ID 
</propertySheetID> " 
<pr ope r ty Page I D> 

Os e r_General_PropertyPage_ID 
</propertyPageID> 
<name> 

General 

</name> 
<desc£iption> 

Provide the users email details 
</description> 
<order> 

1 

</order> 
<getDataHandle r> 

<getDataHandlerID> 

ADUserGetHandler 
</getDataHandlerID> 
<getDataHandle rType> 

Serverside 
</getDataHandlerType> 
<getDataHandle £ORL> 

ActiveDirectoryPlugln/user . asp 
</getDataHandlerURL> 
</getDataHandler> 
<setDataHandler> 

<setDataHandlerID> 

ADUserSetHandler 
</3etDataHandlerID> 
<setDataHandlerType> 

Serverside 
</setDataHandlerType> 
<setDataHandlerURL> 

ActlveDirect oryPlugln/user . asp 
< /setDataHandlerURL> 
< / s e t Da t aHandl e r > 
<attributes> 

<attribute> 

<attributeID> 
UserlD 
</attributeID> 
<naine> 

Gender 

</name> 
<type> 

<typelD> 

enum 

</typeID> 

<typeData> 

<DataValue>Male</DataValue> 
<DataValue>FexiLale</DataValue> 

</typeData> 

</type> 

<defaultValue/> 
</attribute> 
<attributes/> 

</propertyPaqe> 

5 



In order for a resource to expose property sheet functionality, one 
embodiment of the invention suggests that the resource implement an interface, such 
as IPluginPropertySheet which may be accessed by the management module 304. In 
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particular, a property sheet manager 332 may be iir^lemented as part of the module 
304 to communicate with resources that have exposed property sheet functionality. 
The interfece EPluginPropertySheet provides a resource or plugin with a property 
sheet handler: an interface that may be called by the property sheet manager 332 to 
5 get or set property sheet information. Altemative raabodimoits may utihze other 
commimication methods in order to provide management capabilities over the 
property sheets. 

The PluginPropertySheet object defines the methods show and described 
below in Table 4. 

10 Table 4: Methods Implemented by Resource Property Sheet hiterface 



Method 


Example 


Description 


GetData 


Properties GetData( 
string strlD 

string strObJectlnstancelD 

); 

Where: 

strlD is the identifier for the 
property sheet and 
strObjectlnstancelD is the instance 
identifier for the object whose data 
is used by the property page. 


Retrieves data fi:om 
the property sheet. 

A "Properties" 
object containing 
the properties for 
the object identified 
by 

StrObjectlnstancelD 
is returned by the 

given example. 


GetDataForCondition 


Properties GetDataForCondition( 
ConditionData conditiondata ); 

Where conditiondata defines the 
condition that the properties will be 
based on. 


This method returns 
the plugin's data for 
a property sheet, 
based on a 
condition, in 
"Prop^es" object. 


GetPagelnitData 


Properties GetPagelnitData ( 
PagelnitData pageinitdata ); 

Where pageinitdata is the data used 
to initialize the property page. 


Retrieves initial 
data for the property 
sheet, i.e., initializes 
the data for a 
property page, in 
"Properties" object. 


SetData 


Task SetData( 
Properties psData ); 

Where psData is the property sheet 
data values that have changed. 


Sets data in the 
property sheet. 
Task is a an object 
that should be run 
on a client system. 



Using the methods shown in Table 4, the managemrait module 304, and in 
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particular, a property sheet manager, may get data from a plugin or resource and 
modify data that is stored in the resource with respect to property pages. 

Fig. 6 illustrates the functional componrats or operational flow 
charact^stics related to the extension of an existing property sheet by another, 
5 separate resource. That is, when a resource is initially installed, the resource 
supplies information to the configuration manager 330, shown in Fig. 3. Fig. 6 
illustrates an exemplary flow of operations during one such installation procedure, 
and in particular to the communication betwew the resource and the property page 
manager 332, shown in Fig. 3. Additionally, the procedure shown in Fig. 6 relates 

10 to particular operations that may occur during operations 406 and 408 described 
above in conjunction with Fig. 4, where new object information is supplied to other 
managers within the management module 304 and then stored by those managers. 

The flow 600 begins as receive operation 602 receives information related to 
a supported object. In one embodiment, receive operation relates to the property 

15 sheet manager 332 receiving a property page and an indication of the parent object, 
i.e., property sheet for that property page. Upon receiving the property page, a 
determine operation 604 determines whether the parent object, i.e., property sheet 
for fliat property page has aheady been defined by another resource. If so, the flow 
branches YES to append an operation 606. 

20 The append operation 606 appends the received property page to the property 

sheet. Essentially, the property sheet definition is modified, such as by the property 
page manager to include a pointer to the new property page. Thus, the next time the 
property sheet is called, the new property page information is displayed along with 
other property pages for the supported object 

25 FoUowmg the append operation 606, a store operation 608 stores the revised 

property sheet information, such as m a property sheet datastore, e.g., store 344 
shown in Fig. 3. Once the information is stored, flow ends at an end operation 610. 

however, the determine operation 604 determines that the object has not heea 
defined, th^ the flow 600 branches NO to a define object operation 612, which 

30 defines the property sheet for the system. Once the object has been defined, the flow 
600 continues to the append operation 606, which adds the received property page to 
the newly defined property sheet. As discussed above, the property sheet may be 
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modified to include a pointer to the new property page. As before, once the property 
sheet is modified, the information is stored at flie store operation 608, and the flow 
600 ends at an end operation 610. 

The ability to extend an existing property sheet by other, independent 
5 resources provides the management module 304 with an effective means of 

displaying and launching functions based on an object-centric approach. That is, an 
object, such as a user object, may be located by the management module 304 and 
displayed. The displayed object may include property pages siq)plied by more than 
one resource. Thus, the display is based on the user object and not based on the 

10 many and various resources that may or may not support the user object. In other 
words, displaying an object may display all the information about that object, even if 
some of the information is supplied by different resources. 

Besides providing an object-centric approach to displaying information, the 
enviromnent 300 (Fig. 3) may also display and laimch functions based on a task- 

15 based approach, wherein a combination of management functions across multiple 
resources are combined into a single task. Fig. 7 illustrates the task manager in an 
embodiment of the invention and the display of a task list according to this 
embodimmt. That is, the envirorunmt 300 displays many functions that may be 
performed on a particular object, even if those functions may require tibie use of 

20 different resources, such as resources 306 (Figs. 3 and 7). Yet in an alternative 

embodiment, groups of functions may be combined into a script to perform multiple 
functions across multiple resources relating a particular task, e.g., a task that an 
administrator performs in their job function. Fig. 7 illustrates a software 
enviroxmient used in displaying and executing tasks or groups of tasks in an 

25 environment, such as enviroimient 300 (Fig. 3). As will be noted, some of the 
components in Fig. 7 also appear in Fig. 3 and therefore like reference num^s 
remain consistent between the figures. 

Tasks or task groups may be displayed on user interface control 702 by a task 
management service module 704. A further description of a GUI smtable for the 

30 user interface control 702, or task list, is described below with respect to the 

management console. In a particular embodiment, the user of the system may search 
for tasks using either quick search or advanced search techniques, as described 
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below. Searching for the tasks causes the task manager 328 and task manag^ent 
service 704 to return a list of tasks that match or are related to the task that was 
requested. Alternatively, the user may browse a list of available tasks with the 
control of the task manager 328. In an embodiment, browsing may be performed by 

5 scrolling through a hierarchical list of tasks based on the application or resource 
associated with the task or based on which object is associated with the task. 

In a particular embodiment, the task list 702 displays a list of tasks 
associated with a given instance or object. These tasks can be provided by the 
framework in response to a query and subsequent generation of a "results list" 

10 described below. Thus, the framework provides the end user witib tasks tiiat are 
^appropriate based on the mviroimient and state of the data object when the us^ 
locates and/pr selects such an object. The task list can also be segmented into task 
groups. Groups can be predefined by the application or redefined by the 
administrator. 

15 Once the set of tasks has been discovered by the user and displayed in the 

task list 702, the list 702 provides a launch point for the tasks. That is, a user may 
provide an indication to execute a task from the user interface. Once mdicated, the 
task management service 704 receives the task request. In turn, the task manager 
328 may begin to carry out the task. The task manager 328 may need to reference 

20 the task request with information in the task store 340 to locate which resources need 
to be accessed and which parameters need to be passed to those resources. 

Upon determining which resources must be accessed, the task manager 328 
communicates with those resources, such as resources 318, 320 and 322 through a 
SOAP proxy and a firewall, as shown in Fig. 7, SOAP is an XML-based protocol 

25 that is designed to exchange structured and typed information on the Web. The 
purpose of SOAP is to enable rich and automated Web services based on a shared 
and open Web infrastructure. SOAP can be used in combination with a variety of 
existing IntCTiet protocols and fomiats including HTTP, SMTP, and MIME and can 
support a wide range of applications from messaging systems to RPC. 

30 Altematively, other proxy communications may be used to provide the 

communication protocol The resources are therefore called by the task manager and 
provided infonnation to carry out specific tasks. Importantly, more than one 
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resource may be called in response to a single task request fix>m the us^. The 
mettiod of combining multiple functions into a single task may be customized by the 
user as desaibed below with respect to scripting. 

In displaying the tasks^ different display methods may be implemented. In a 

5 particular embodiment of the present invention, an XML definition of tasks, task 
groups and the handlers for those tasks is used. An example XML definition of 
tasks, task groups and the handlers for those tasks is provided below in Table 5. In 
this case, the "^Manage Computers" task groins will, when rendered, contain a 
**Properties" and a *Tennuial Served' task, 

10 Table 5: Sample XML File for Generating and Displaying a Task List 



<tasks> 
<static> 

<tas)cgroup> 
<id>l</id> 

<name>Manage Coxqputer3</naiae> 
<task> 

<name>Properties</name> 

<description>Change the properties</description> 
<±d>2</id> 

<icon>lmages/ThirdPanelndlcator Icon . gif </icon> 
<handler><l [CDATA [alert ( 'Not implemented' );] ]></handler> 

</task> 
<task> 

<name>Terminal Server</naine> 

<de script ion>Launch terminal server</description> 
<id>3</id> 

<icon>image3/ThirdPaneIndicator_Icon . gif </icon> 
<handlerx ** 

// task handler script here 
</handler> 
</task> 
</taskgroup> 
</static> 

</tasks> 



Usmg an XML file similar to the one shown in Table 5, a task list, such as 
task list 702 shown in Fig. 7, may be generated and displayed for the user i^on 

15 selection of a data object or upon some other function, such as a request to display 
possible tasks that may be perfomied for a particular resource. Fig. 8 illustrates the 
functional components or operational flow characteristics related to the generation 
and display of such a task list. In particular, the flow 800 illustrated in Fig. 8 relates 
to the generation and display of a task Ust related to particular tasks that may be 

20 performed for a given object type that, for example may have been selected by the 
user. Therefore, in this embodiment, as a task list is being rendered for display in 
the user interface, the list is associated with the one or more objects that the tasks 
would ultimately ^ply. In a particular embodiment, the task manager 328 (Fig. 3) 
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provides liie functions shown and described in conjunction with Fig. 8. In 
alternative embodiments, other managers may be used to provide some or all of the 
functions shown and described in Fig. 8. 

Initially, the flow 800 begins as a receive operation 802 receives a request to 
5 display a task list for a selected object. That is, prior to receive operation, a user or 
the system selects an object and conducts a request indicating that the associated 
tasks for that object should be collected and displayed. For example, an 
administrator may highlight a particular user object Highlighting or otherwise 
selecting tfie user object may, in one embodiment, automatically causes a request to 

10 be made for the tasks associated with that object. The request to collect and display 
all the tasks for the object typically includes &e object type and the mformation 
about the instance or context of the object. 

Upon receiving the request, a collect operation 804 collects all the definitions 
that statically apply to the particular object type. Static tasks are defined as those 

15 tasks which may also be performed on a particular object. In one embodiment, when 
a task is created by a resource and associated with an object the resource may 
designate the task as a static task and that task may always be performed on any 
object of fliat object type. For instance, for a user object having user information, 
static tasks may relate to editing the user information and/or deleting the object. 

20 Since these tasks are static, the collect operation 804 may locate the tasks in a local 
store of information, such as store 340 shown in Fig. 3, or by requesting the tasks 
firom the resource that supports the task 

While the collect operation 804 is collecting static task definitions, a get 
operation 806 gets the task handler address for the particular object type. The task 

25 handler address may be found in the definition of the object and/or property page 
itself The address indicates a particular resource that may have dynamic tasks that 
are to be displayed Using the task handler address, a request is generated and sent 
to the identified resource to collect all dynamic tasks. Dynamic task information 
relates to functions that may be performed on particular data object, e.g., a particular 

30 user, but may not be available for all objects of that type, e.g., all users. 

Additionally, dynamic tasks may relate to the particular instance of an object, e.g., a 
task relating to disabling an account is dynamic since it depends on whether the 
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account has been enabled. 

Following the request for dynamic tasks at operation 806, a receive operation 
808 receives the dynamic tasks fix>m the indicated resource. Once the static and 
dynamic functions have been collected and located, a merge operation 810 merges 

5 the task information. Upon merging the information, a render operation 812 renders 
the list information to the user in the form of task Ust 702 (Fig. 7). In an 
embodiment, render operation 812 renders DHTML code needed to display the task 
Ust. Additionally, render operation 812 renders definitions of the task handlers 
which are associated with the various tasks displayed in the list 702 and which may 

10 be called \xpon selection of one of the displayed tasks. 

In accordance with other aspects of the present invention, tiie task manager 
328 may also provide the ability to group functions or tasks that may be performed 
across multiple resources. In one embodiment, the grouping of functions are 
implemented as "scripts" and actions taken within the user interface trigger these 

15 scripts, thereby passing various parameters. The parameters may be provided 

explicitly by the user or the parameters may be extrapolated, by the firamework from 
the context of the user interface when a particular script is invoked. Having all 
functions implemented as scripts increases the manageability of objects. Scripts 
may run on a local server or be pushed to the managed resources and executed on the 

20 resource. Additionally, scripts can be amalgamated in process to support 

custonuzation for the end user. Extensibility of functions relates to the extending 
application simply adding a new script to the Ubrary of the original appUcation or 
resource. 

Jn an embodiment, the scripts for all applications are stored in a central script 
25 Ubrary and are referenced by a script identification value. An end user may invoke a 
script by referencing tiie script using the identification value while passing in a set of 
parameters. Alternatively, a query may be passed in place of the parameter list, 
which causes the script to be executed on all objects that satisfy the queiy parameter. 
Fig. 9 iUustrates the functional components or operational flow 900 
30 characteristics related to the creatioii of script having two or more functions 

associated with the script. Initially, an execute operation 902 executes the macro 
function, which records two or more user functions or operations into a macro 
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format The macro operation and function is similar to other macro recording 
operations. The macro effectively contains both tasks and parameters relating to the 
actual, recorded, user-interface functions. 

Following the execute operation 902, a convert operation 904 converts the 
5 macro into an XML format file. The conversion necessarily separates the actual 
tasks firom the parameters used in performing each task. Next, using the XML file, a 
create operation 906 creates a script firom the XML file. Creating the script involves 
storing the task information independent &om the parameters. Some indication may 
be stored along with the task mformation within the script that prompts the user to 

10 supply one or more needed parameters. Alternatively, the indication may refer to the 
store to determine the information fcom the context that tiie script was executed, or 
to locate supplied parameters fix>m a qu^ list 

Upon creating the script, a store operation 908 stores the script in the script 
datastore. The user may call the script at a later time to execute the plurality of 

15 functions. Alternatively, the script may be executed automatically in response to a 
predetermined event or as a periodically tuned task. 

To illustrate the scripting fimctionatity, consider the following example. 
Assume that a human resources specialist is charged with oreating a new user profile 
within the company. The specialist may record a macro of all the separate tasks that 

20 must be performed m ord&c to create a new user profile. Those tasks may include 
notifying the accounting department to inform them that they need to address payroll 
information for the user and notifying the corporate security department indicating 
that a new key card shoxild be made. Similarly, other relevant departments may be 
notified. A script of all these functions and notifications is created and stored in a 

25 script store so that the next time a new user profile must be generated; only the script 
needs to be called In this case, the script prompts the specialist for user information 
to complete the profile and then the script notifies accounting, corporate security, 
etc. Consequently, the specialist does not have to perform repetitive steps in 
creating a new user profile for each new user. 

30 With respect to other aspects of flie present invention, flxe management 

module 304 provides search capabilities. The environment 300 and the management 
module 304 includes a search or query manager 324 that is used to carry out various 
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searches, such as searches for objects types, particular objects, resources, tasks, 
groups of tasks, aiuong others. The search manager 324 interacts with the vtser 
interface manager 326 to receive queries and, in tum interacts with resources 312, 
314 and 316 to locate requested items based on the given query. 
5 In an embodiment of the invention, the manager 324 uses a schema driven 

search method which greatly enhances the flexibility of traditional searching 
capabilities by allowing the search parameters to be fiilly configurable through XML 
schema by the resources themselves. In essence, a resource may choose what object 
attributes can be searched over and in what domains the search is to be performed 

10 while still maintaining the uniformity of the user-int^ace and the architectural 
inter&ce across different renderings of the management module 304. 

More particularly, in an embodiment the plugin may provide such 
information to the configuration manager at process step 402 described above in 
conjunction with Fig. 4. The plugin provides the configuration manager 330 with a 

15 list of all attributes that define their objects and also a list of which of these attributes 
that may be used in subsequent searches. Additionally, the plugin may indicate the 
available scopes for such searches. The search manager 324 is then provided this 
information at supply operation 406. 

Based on the information provided by the plugin, the management module 

20 304 can generate the s^propriate user-interface, as well as pass the schema to other 
resources to ensure an appropriate search is performed and the correct search results 
are displayed. In this embodiment, the environment does not have to specify all 
attribute names that are searchable for all possible object types. Instead^ the plugin 
provides this information. 

25 Additionally, as shown in Fig. 10, the plugin may incorporate its own search 

engine 1002. An embodiment of the present invention provides the plugin the 
C£^ability of specifying its own search engme 1002 and hooking it into the 
management environment 304 and search manager 324. Therefore, when a user 
performs a search for a particular object type the management module 304 passes the 

30 search string to the tailored search engine 1002 and retrieves the correct results fiom 
that search engine 1002. In this manner, the end user experiences similar search 
characteristics independent of the object being located or the location of the object. 
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Moreover, a standard method of searching need not be written in the management 
module 304, e.g., a method that would account for flie search syntax and 
architectural backend for supporting any and all searches over any object types. 
Instead, the separate search engines, such as engine 1002, are hooked into the 
management module 304 and called via a predetermined protocol. 

In an embodiment, the protocol relates to use of an XML schema that 
confonns to the following Document Type Definition (the rules of the schema) 
shown in Table 6. The DTD shown in Table 6 provides the schema for defining an 
object type, which includes the schema to define the objects search parameters. 

Table 6: Object Type XML DTD 



<!ELEMENT objectTypes 


(objectType+)> 


^ijjrj^cjvLDJN 1 oDjeciiype 


(id, domain?, name, imageURL, 
qmcKoearcniiancuerUKL, 
quicKoearcnrianaier i ype, 
ou vonceuo earcnxianaier, 
auYauceoDearcnui} 

clUliUU f yalUlI/UieSy IoaKS/^ 


<'ELEMENT attributes 




<'ELEMENT attribute 


o^AjpwxxaiiUid 1 ypc J 1 
AjsTnjstflTicfiTD? iH njimp 

isQuickSearchable?, dataType, 

advancedQueryDisplayHints, 

resultsDisplayHints))^ 


<!ELEMENT 

advancedQueryDisplayHints 


(show, requiredValue, 
defaultValue, order, width)> 


<!ELEMENT resultsDisplayHints 


(show, order, width)> 


<!ELBMENT tasks 


(static?,dynamic?)> 


<!EL0^1ENT static 


(taskgroup)> 


<!ELEMENT taskgrovq) 


(id, name, task+)> 


<!ELEMENTtask 


(name, description, id, icon, 
handler)> 


<!ELEMENT handler 


(#PCDATA)> 


<!ELEMENT dynamic 


(publishera)> 


<!ELEMENT publishers 


(publisheH-)> 


<!ELEMENT adinfo 


(objectCategory, objectClass)> 


<!ELEMENT pubUsher 


(#PCDATA)> 


<!ELEMENT objectCategoiy 


(#PCDATA)> 


<!ELEME1SIT objectClass 


(#PCDATA)> 


<!ELEMENT description 


(#PCDATA)> 


<!ELEMENTicon 


(#PCDATA)> 


<!ELEMENTshow 


(#PCDATA)> 
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<!BLEMENT requiredValue 


(#PCDATA)> 


<!ELEMENT defaultValue 


(#PCDATA)> 


<!ELEMENT order 


(^flPCDATA)> 


<!ELEMENT width 


(^^CDATA)> 


<!ELEMBNT scopeHandlerURL 


(#PCDATA)> 


<!ELEMENT scopeHandleiType 


(#PCDATA)> 


<!ELEMENT isInstancelD 


(#PCDATA)> 


<!ELEMENT isQuickSearchable 


(#PCDATA)> 


<!ELEMENT dataType 


(#PCDATA)> 


<!ELEMENT isScope 


(#PCDATA)> 


<!ELEMENT id 


(#PCDATA)> 


<!ELEMENT domain 


(#PCDATA)> 


<!ELEMENT name 


(#PCDATA)> 


<!ELEMENT imageURL 


(#PCDATA)> 


<!ELEMENT 


(#PCI>ATA)> 


quickSearchHandlerURL 




<!ELEMENT 


(#PCDATA)> 


quickSearchHandlerType 




<!ELEMENT advaiwedSearchHandler 


(#PCDATA)> 


<!ELEMENT 


(#PCDATA)> 


advancedSearchHandl^UI 





An example XML schema to define a search is ^own in Table 7. 



Table 7: Sample XML Schema to Define a Search 

5 

<OBJECTTYPE> 

<ID>4D36E96A-E325-11CE-BFC1-08002BE10318 </ID> 
<NAME> Computer </NAHE> 
<QniCRSEARCHHANDLER> 

http ; //MMP/Search/ADS_Search . ASP 
</QaiCRSEARCHHANDLER> 
<ADVANCEDSEARCHHANOLER> 
</ADVANCEDSEARCHHANDLER> 
<ATTRIBUTES> 

<ATTRIBDTE> 

<ISQUICRSEARCHABLE> 
True 

</ISQOICKSEARCHABLE> 
<ISDEFADLT> True </ISDEFAULT> 
<1D> OF-40-5012 </ID> 
<NAMB> Office </MAHE> 
<DATATYPE> String </DATATyPE> 
<ADVANCEDQOERYDISPLAYHINTS> 
</ADVANCEDQUERYDISPIiAYHINTS> 
<RESULTSDISPIiAYHINTS> 

<SKOW> 

</SHOW> 

<ORDER> 

</ORDER> 

<WIDTH> 

</WIDTH> 
</RESULTSDISPLAyKINTS> 

</ATTRIBOTES> 
</OBJECTTYPS> 



The above example defines part of an object having an attribute named 
"Office" that is to be exposed to the search system. That is, when an end user of the 



35 



wo 02/48866 



PCT/USOl/48014 



management system 304 wishes to search for an object of this type they can do so 
nsiag the office attribute. 

In another embodiment, the line "http://MMP/Search/ADS_SearchASP" is 
replaced with •littp://MMP/Search/ADS_Searckasmx" such that the example 
5 defines part of an object including a poiater to the search engine that is to be used to 
search for objects of the above type. In this case the pointer is now 
http://MMP/Search/ADS_Search. 

In a particular embodiment, the search manager 324 may provide two options 
to the user, a quick search and an advanced search, ^th respect to the advanced 

10 search function, the user may simply an advance-search query to the search manager 
324, which, in tum, parses the query. Based on the results of the parsing action, the 
search manager may then access the various resources and subsequently search 
information stored in conjuQction with those resources to locate the requested 
information. Many different advanced search algorithms may be implemented to 

15 perform the search function. The search manager 324, however, controls the 
searches performed, either using plugin search engines, such as engme 1002 or a 
search engine located on the resource management module 304, not shown. Results 
from searches may be marshaled back to the user through a search management 
service 1004 and displayed in the user interface 1006, as described below. 

20 Fig. 1 1 illustrates an operational flow 1 100 related to the execution of a 

search function. Initially, a receive operation 1 102 receives a search query. The 
query may be received firom the client system 308. However, in other embodiments, 
the system 304 may receive the query 6com other sources, such as one of the 
managers, e.g., the task manager 328 or one of the resources 306. The query 

25 includes information related to the types of objects or tasks that are requested. 

However, in other embodiments, the query may in&lude any information that can be 
used to conduct a search either locally on the managemmt module 304, or on one or 
more resources 306. 

Upon receivmg the query, a send operation 1 104 sends the query to the 

30 search manager 324 (Fig. 3). The search manager 324 may then parse the search 
request and associated query. In an embodiment, the request is formatted in an 
XML format and includes a tag identifying a search handla:. Next, a determine 
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Operation 1 106 determines the search handler from the received query. The search 
handler is identified by an address or pointer located in the query or within a 
property sheet which may be detennined based on the qu^ terms. 

Following determine operation 1106, a package operation 1108 packages the 
5 data into an XML formatted file. The query may include attributes that can be 
passed to a resource. However, prior to passing to the resource, the information is 
first put into a recognized format, e.g., XML. Once packaged, a send oporation 1110 
sends the information or data to the resource. The resource that receives the 
information relates to the resource that manages the search handler. The resource 
10 then performs a search amongst its managed objects to locate the requested 
information. 

Following the send operation 1110, and once the resource has located the 
requested information, a receive operation 1112 receives the results from the 
resource. The received information may be formatted into an XML format 

15 Additionally, any parsing of the results may be done by the receive operation 1 1 12. 
Furthennore, should the results contain multiple pages of information, the receive 
operation 1112 may also page the results into memory. Next, a send operation 1114 
sends the results of the query to the client. As stated, the results may contain a 
significant amount information and therefore the results may be divided into pages 

20 for the client. 

The method shown and described in conjunction with Fig. 1 1 may be used 
for either the advanced search or the quick search feature. However, the advanced 
search option provides a layer of processing that may evaluate query strings and 
access multiple resources, such that the scope of the search may be quite broad. 

25 Indeed, the searches may be general in nature and the results may comprise a 

plurality of objects. In such a case, tiiose objects may reside on different resources. 

On the other hand, the quick search feature is intended to compliment the 
advanced search feature by providing the plugin with a way to expose their most 
frequently sought data to the user through a simple, easy to use search interface. In 

30 an embodiment, the quick search feature is a subset of the advanced search, i.e. it's 
queries feed into the advanced search algorithm. Alternatively, the quick search 
operates independentiy of the advanced search algorithm. Further particiilars related 
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to the quick search features are discussed in detail below with respect to the 
managemeat console GUI. 

As described, the systems and methods of the present invention allow for the 
management or administration of a numb^ of varied resources in a computer 

5 network. As will now be described in greater detail, the management or 

administration of the varied resources may be carried out via a unique graphical user 
interface displayed on a client computer system, such as the client computer system 
302 shown in Fig. 3. As will now be described, in an embodiment of the present 
invention, a unique "management console" running in a web browser ^plication on 

10 a client computer system provides a consistent interface for a variety of "back-end" 
resources, such that the system administrator may perform his or her network 
administration tasks in a clear and concise manner from any number of computing 
device having accesses to the internet. 

As described above, the user interface manager 326, of the management 

15 module 304, provides appropriate communication links and protocols between the 
client computer system 302 and the management module 304 in a manner that 
allows a browser, such as the web browser 1 16 on the client computer system 1 16, 
to provide r^ote resource management capabilities to a system administrator. In 
one embodiment, the int^ace manage 326 includes a web service. As is known, a 

20 web service is a unit of application logic providing data and services to other 
applications, such as the web browser 1 16 running on the client computer system 
102. 

As also described above an application, such as the browser 116, may access 
the web service of the interface manager 326 using web protocols and data formats, 

25 such as HTTP, XML, and SOAP. During an initial access of the interface manager 
326 by the browser 1 16, the interface manager 326 downloads a small application, 
herem referred to as the console applet 313, to the web browser 31 1, as shown in 
Fig. 3. The console ^plet 313 may comprise, for exan^le and wi&out limitation, a 
Java £^plet. The console applet 313 operates within the browser to render a 

30 management console, within the browser, in accordance with predefined console 
layout specifications and features. As also described below, the console 313 ^plet 
also manages the sending and receiving of information to and from the interface 
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manager 326. 

In one embodiment of the present invention, the layout of a format of the 
particular management console being rendered in the browser 3 1 1 on the client 
computer system 1 16 is specified by an XML document sent fiom the interface 
5 manager 326 to the console applet 3 13. In this embodiment, the console applet then 
opens the XML file by loading the XML file into an XML Document Object Model 
(DOM) object. The DOM object is then used to access tilie data defining the format 
of the consol. The console s^plet 313 then interprets the data and generates 
appropriate HTML, DHTML, or scripts (such as java script or jscript) for rendering 

10 the management consol in the browser 311. 

Additionally, data relating to requests or inquiries firom the client 
environment 302 to the management module 304, or responses fix>m the 
management module 304 to the client environment 302, may also be formatted and 
transferred between the client environment 302 and the management module 304 as 

15 XML documents. Once the interface manager 326 has received a request or inquiry 
from the client envirormient 302, the interface manager fimctions to distribute the 
request or inquiry to the appropriate manager or resource. 

The format of the XML documents sent between the console applet 313 and 
the interface manager 3 16 are predetCTnined. In one embodimmt, the format of any 

20 XML document sent between the interface manager 326 and fiie console applet 313 
is specific to the particular manager fliat will ultimately access or handle the data 
contained in the XML document. For example, as described above, information or 
requests that are to be handled by the search manager may be transmitted in an XML 
document that has a format that is uniquely configured for search specific data and 

25 commands. 

As shown in Fig. 3, flie client environment 302 may include a web browser 
311, such as browser 116 shown in Fig. 1, as well as an applet 313 running on the 
web browser 31 1. The applet 313 fimctions to generate a management console, as 
described below, in the web browser 311. The web browser 311 may be any 
30 standard web browser that is compatible with ttie Microsoft ".NET Framework." 

As is known, a web browser is a client application, software component, or 
operating system utility that communicates with server computers via standardized 
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protocols such as HTTP, FTP and Gopher. Web browsers receive documents fiom 
the computer network and present them to a user. Microsoft Internet Explorer, 
available from Microsoft Corporation, of Redmond, Wash,, is one example of a web 
browser, 

5 Fig. 12 illustrates some of the elements of a user interface in accordance an 

embodiment of the present invention. As described above, in an embodiment, the 
user interface conQ>rises what is referred to herein as a management console 1200, 
which is rendered in a window of a web browser, such as web browser 311 (Fig. 3). 
In one embodiment, the rendering of the console 1200 may be handled by the web 

10 browser 121 1 in accordance with a markiq) language document, such as, without 
limitation, an XML document, an HTML docummt, or a DHTML document. In the 
case where the consol is rendered in accordance with an XML document, that 
document may be converted to, and accessed in the form of, a DOM object. 
The console 1200 employs a GUI-type visual presentation to convey 

15 information to and receive conunands from users for controlling or accessing one or 
more of the resources 306. The console 1200 relies on a variety of GUI elements or 
objects, including windows, icons, text, drop-down menus, dialog boxes, toolbars, 
buttons, controls, and the like. A user, such as a system administrator, may interact 
with the GUI presentation of the console 1200 by, for example and without 

20 limitation, using a pointing device (e.g., a mouse) to position a pointer or a cursor 
over an object and "clicking" on the object or by using keys on a keyboard. 

The style and behavior of any component that is laid out on the console can 
be persisted. Users can completely customize their consoles, specifying everything 
from the content and configuration of the zones to the level of information displayed 

25 in a property page. Customized consoles can be saved for personal use or published 
for use by others. 

As shown in Fig. 12, the console 1200 includes a tool bar 1210 and three 
zones, including a first tool zone 412, a work zone 1214, and second tool zone 1216. 
In one embodiment, the toolbar 1210 is located at an uppermost edge 1202 of the 
30 console 1200. It will be appreciated by one skilled in the art that the present 

invention is not limited to the toolbar described herein, but may encompass any type 
of toolbar containing control elements or commands for controlling the features of 
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console 1200. The toolbar 1210 may include any number of controls that are 
associated with the console 1200. In one embodiment, as shown in Fig. 12, the 
toolbar 1202 includes a console selection element 1222, a show element 1224, a first 
zone display element 1218, and a second zone display element 1220. These controls 
5 perform specific functions in association with the console 1200, as will now be 
described. 

The console selection element 1222 allows a user to select &om among a 
number of predefined consoles. That is, the user may use the console selection 
element 1222 to access a number of different "console layouts." Additionally, 

10 consoles may be saved, as described below. A system administrator may "author** a 
number of different consoles, each of which may contain different elements and 
features. For example, and without limitation, consoles may be authored to include 
graphical control elements that are appropriate for various scenarios or tasks. 
Altematively, consoles may be authored to include graphical control elements that 

15 are specific to a specific user's job fimctions or administrative level. 

As shown in Fig. 13, in one embodiment, the console selection element 1222 
includes an entry point 1330 and a drop-down menu 1332, including a list of 
available console layouts, fliat is e3q)osed for operation by a user via the entry point 
1330. The entry point 1330 may be implemented by a conventional toolbar button 

20 or mmu, or by a special control element. Alfliough this exemplaiy embodiment 

includes a visible entry point, those skilled in the art will appreciate that the function 
of selecting a desired console layout can also be implemented by "clicking" a 
selected mouse button while the cursor is located over a particular location of the 
toolbar. 

25 To select a particular console layout, the user may use a mouse (or keyboard) 

to move a cursor to the entry point 1330, and thereafter click on (or select) the entry 
point 1330. When the user clicks on flie entry point 1330, the drop-down menu 
1332 is displayed, as shown in FIG. 13. This exemplary embodiment uses a drop- 
down menu having selection indicators, which may be implemented as a 

30 checkboxes, to indicate whether a particular layout firom the list of available console 
layouts has been selected. To select a particular console layout, the mouse may be 
used to select the desired console layout. A checkbox is a type of interactive control 
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often found in a GUI and is used to indicate which of the desired console layouts in 
the menu has been selected. 

Additionally, located in the drop-down menu 1332 of the console selection 
element 1222 are a console "save" element 1334 and console "save as" buttons 1336. 

5 The console "save" element 1334 may be used to save the current state of the 

console layout 1200, under the current console name. In contrast, the console "save 
as" element 1336 may be used to save the current state of the console 1200 under a 
different console name. In one embodiment, the console "save" element 1334 and 
the console "save as" 1336 element 1336 may be implemented as buttons located in 

10 the drop-down menu 1332, as shown in Fig. 1 3. Once the saved, the layout of a 
console may be save, for example as an XML file, by the persistence manager 334. 
The selection of these elements may then be accomplished by "cUcking" the buttons 
using a mouse. However, the console "save" element 1334 and the console "save as" 
element 1236 may also, or altematively, be located in other areas of the console 

15 1200. 

As shown in Fig. 13, the show element 1224 allows a user to hide and/or 
show the first 1212 and second 1216 zones. In one embodiment, the show element 
1224 is presented and operates in a similar manner to the console selection element 
1222, as a show drop-down menu 1340. Located in the show drop-down menu 1340 

20 are a "hide left zone" element 1342 and a "hide right zone" element 1344. The "hide 
left zone" element 1342 allows a user to select or deselect the display of the first 
zone 1212. The "hide right zone" element 1344 allows a user to select or deselect 
the display the second zone 1212, 

In addition to the "hide left zone" element 1342 and the "hide right zone" 

25 elCTient 1344, in one embodiment, the show drop-down menu 1340 may also 
include other elements for selecting or deselecting the display of the various tools 
located in the first zone 1212 and/or the second zone 1216 of the console 1200. For 
example, as shown in Fig. 13, the show drop-down menu 1340 mcludes a "hide 
quick search tool" element 1346 and a "hide monitors tool" element 1348. The 

30 selecting or deselecting of the display of various the various tools located in the first 
zone 1212 and/or the second zone 1216 of the console 1200 may be accomplished in 
a similar manner as that described above with respect to the "hide right zone" 
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element 1344 and the "hide left zone" element. 

Returning to Fig. 12, the first zone display element 1218 allows a user to 
"toggle-ofiE" and/or "toggle-on" the first zone 1212. That is, the first zone display 
element 1218 allows a user to add or remove the first zone 1212 fit>m the console 
5 1200. As shown in Fig. 13, the first zone display element 1218 may be implemented 
as a button. In this embodiment, the user positions the mouse over the first zone 
display button 1218 and clicks on the button 1218 to "toggle" the button between a 
first state, where the first zone 1212 is displayed in the console 1200, and a second 
state where the first zone 1212 is not displayed in the console 1200. A number of 

10 mechanisms may be employed to indicate when the first state has been selected. For 
example, giving focus to or highlighting the button 1218 v/hea the first state is 
selected, changing the color of the selected button 1218 when the first state is 
selected, displaying a different icon, such as a light bulb, when the first state is 
selected, or using radio buttons, etc. • 

15 The second zone display element 1220 allows a user to "toggle-off* and/or 

"toggle-on" the second zone 1216. That is, the second zone display element 1220 
allows a user to add or remove the second zone 1216 from the console 1200. The 
second zone display element 1220 may be implemented in a similar manner to that 
just described vnlb respect to the first zone display element 1218. 

20 In an embodiment of the present invention, the first zone 1212 and the 

second zone 1216, are operable to display one or tools, where a tool is a graphical 
user interface element that provides a user quick access to features or functions of 
the console 1200. For example, as shown in Fig. 12, the first zone includes a quick 
search tool 1240, which provides a hierarchical selection structure to enable the user 

25 to quickly search for different objects and to populate the work zone 1214. As also 
shown in Fig. 12, the second zone includes a monitor tool that displays the status of 
CPU usage. 

The work zone 1214 is where much of the functionality of the console 1200 
is carried out As shown in Fig. 12, the woik zone 1214 has displayed therein a 
30 woricspace 1250, Each workspace typically maps to a smgle job function, such as 
managing servers or printers. While numerous workspaces may be viewed in the 
woik zone 1214, in one embodiment of the pr^ent invention only a single 
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workspace may be viewed at a time in the work zone 1214. However, in the case 
where a console includes more than one workspace, a user may use a browser tool to 
access the various workspaces, as described in greater detail below. 

Located within the workspace is workspace window 1252, which is operable 
5 to display one or more modules 1254. Also included in the workspace 1250 is a 
scroll bar 1255. The scroll bar is a graphical control element that allows a user to 
view information outside of the viewing area of the workspace window 1252. For 
example, the scroll bar 1255 may be used to scroll the workspace window 1252 in a 
manner that brings one or another module of the modules present in the workspace 

10 1250 into view in the workspace window 1252. As is typical, the scroll bar 1255 
includes a scroll box 1256 that may moved up and down inside the scroll bar using a 
mouse. Scroll arrows 1258 at each end of the scroll bar 1255 can also be clicked to 
move the viewing area of the workspace window 1252 in a speciJBed direction. 
Additionally, the scroll box may be moved up and down inside the scroll bar 1255 

IS by clicking inside of the scroll bar in an area not occupied by the scroll box 1256, as 
is conventional. 

Located within the workspace window 1252 are one or modules 1254. 
Where a workspace is mapped to job functions, modules 1254 typically map to a 
specific object(s) upon which work is done. As discxissed above, there are two types 
20 of distinct modules — ^those which reside in a workspace and pertain to a specific 

object type and those which reside in the first and second zones, herein referred to as 
tools. Table 8, shown below, illustrates a list of several modules that may be 
displayed within the various zones. 

Table 8 - Example Modules 



Module Name 


Function 


Quick Search 


Module to launch and perform any job 
fimction by quickly searching object types. 


Explorer 


Launch point for workspaces and modules 
provides user with a snapshot of the current 
state of the console. 


Monitors 


Provides user with a snapshot of the status 
of requests, tasks, or objects. 


Notifications 


Provides user with explicit notifications 
when predetemuned rules are met. 
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Advanced Search 


Provides advanced search functions for the 


Browse 


Alternative searching capability through 
Browse te<^litiiflup<i 


Results List 


Workspace area for storing the results of a 

Querv TTiAv He timvifiefi Hv the Oiiirlr 
Search or Advanced Search function. 


Task List 


vv vAA^^aww cuwa uiuviuwu i\j UioUiay a Hot 

of tasks associated with given instances. 


Task Pads 


Tool that allows for customization of 

aValiaUlC laSiiLS. 


Property Sheets 


Workspace display of various properties 
xur uic particular oojcci. sciccicci. 


Wizards 


Wizards provide the ability to specify 
complex workflow relationships between 
pages. 


Graphs 


Workspace area for viewing various data, 
such as monitored data in graph format. 


EAjxvaoic una. 


x^aiLaOic vjna luncnons similar lo a 
spreadsheet. Provides the user the ability 
to view, edit and modify tabular data. 


TVrsivrincr fiiiffsK^p 
l^keLYfUlg OUXXaCC 


i-irawmg dica proviQuig visual uispiay oi 
workflow for such items as Wizards and 

UUlCi lA/UipUUCUlb. 


Enteiprise Event Log 


Viewer to provide administrator with the 
useful display of events alerts or trouble 
areas. 


ScheduHn 

%jf wxxw\A mil 1 & 


IV/fnHiile ff\T QfififtHi ill "Tier p^vf^titc "fi^r tnati a 

objects. 


Hosted or Spawned 
Applications 


other applications used within a 
predetermined workspace, such as Instant 
Messenger or Terminal Server. 



Each module 1254 contains a module window 1260. Each module window 
1260 includes one or more associated panes. As shown in Fig. 12, in one 
embodiment, the module window 1260 includes four distinct panes: a query pane 
5 1262, an object pane 1264, a task pane 1266, and a woik pane 1268. 

In general, the object pane 1264 is operable to display information about one 
or more objects that are applicable to the module 1260 in which the object pane 
1264 resides. For example, the object pane 1264 may include a list of objects 
associated with a given module that may be selected for access by a user. The 
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objects in the object pane may be presentation in a number of ways, depending on 
the nmnber of objects to be displayed and the preferences of the author of the 
console 1200. For example, and without limitation, the objects may be displayed in 
a simple object list, as shown in Fig. 14. A user may thra select one or more of the 

5 objects in the list for accessing. 

The task pane 1266 is operable to display various tasks that are or applicable 
to, and available for, an object that has been selected in the object pane. As with the 
object pane, tasks in the task pane 1266 may be presentation in a nimiber of ways, 
depending on the number of tasks to be displayed and the preferences of the author 

10 of the console 1200. For example, and wi&out limitation, the tasks may be 

displayed in the task pane 1266 as a simple task list, as shown in Fig. 14. A user 
may then select one or more of the tasks in the list for access. 

Once a task has been selected from the task list 1266, the function of the 
selected task may be immediately carried out or, altematively, a work pane 1268 

15 may be displayed showing additional information and/or presenting additional 
functionality, or sub-tasks, related to the selected task. The additional information, 
tiie presented additional functionality, and/or the related sub-tasks, may be displayed 
in the work pane 1268 in a numb^ of ways, depending on the type of information or 
functionality that is to be displayed and the preferences of the author of the console 

20 1200. 

The query pane 1262 is operable to search multiple resoxirces associated with 
the software environment 300 (Fig, 3). As described previously, network 
administrators may work with many different objects of differing types. In a typical 
network administmtion environment objects are usually only accessible through 

25 applications that are specific to either one or a small collection of object types. 

Thus, if an network administrators needs to woik with a specific object or group of 
objects, the network administrators must first navigate to the application that is 
associated with the desired object type and then navigate to the specific object or 
group of objects. This does not provide an integrated user experience. In contrast, 

30 the query pane 1262 provides an integrated manner in which objects from multiple 
resources may be accessed. That is, the query pane 1262 provides one mechanism 
by which the object pane 1264 may be populated by objects from or related to a 
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variety of references. 

The query pane 1262 may be presented in a number of ways, depending on 
the type of resources that are to be queried and tiie preferences of the author of the 
console 1200. In one embodiment, such as shown in Fig. 14, the query pane 1262 
5 may con^)rise a simple text box 1470 for entering terms for a desired query using a 
keyboard, A mouse may then be used to cUck a "Go!" button 1472 to initiate the 
query. 

In one embodiment, the result of executing a query produces one of three 
states: 1) no objects found; 2) one object found; or 3) multiple objects found. If an 

10 object or multiple objects are found, they are displayed in the objects pane 1264. As 
such, refireshmg or modifying the query may result in different objects being 
displayed in the object pane. 

The query pane provides a unique and cohesive approach to object selection 
and management. Instead of requiring the network administrators to navigate to an 

15 application and then navigate to an object or group of objects, as was common in 
prior network administration tools. The query pane 1262 allows a network 
administrator to navigate directly to an object or group of objects. Once an object(s) 
is located the network administrators is then able to perform all task that are 
associated with that object(s). 

20 Turning now to Fig. 14, shown therein is an exemplary console 1400, 

displaying a toolbar 1410 positioned at the top 141 1 of the console 1400, a first zone 
1412 positioned on the left side 1413 of the console 1400, a second zone 1416 
positioned on the right side 1417 of the console 1400, and work zone 1414 
positioned in the center 1415 of the console 1400. Displayed in the first zone 1412 

25 are two tools, a quick search tool 1418 and an e^lorer tool 1420. Displayed in the 
second zone 1414 are another two tools, a monitors tool 1422 and a notifications 
tool 1424. Displayed in the work zone 1414 is a user administration workspace 
1426 containing a module 1454. It will be understood that the particular console 
shown in Fig. 14 is but one example of a console and is presented here to provide a 

30 better understanding of various functionality and display characteristics that may be 
available with respect to a console. As such, the layout and fimctions of the 
particular console shown in Fig. 6 are not intended to encompass all feature, layout. 
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and/or functionality that may be presented in a console. 

As described above, ttie qxiick search tool 1418 provides a hierarchical 
selection structure that enables a user to quickly search for different objects from' a 
variety of resources and to populate the work zone 1414. More particularly, the 
5 quick search tool 1418 includes GUI controls that allow a system administrator to 
easily combine a specific object instance (or instances) and an action to be 
performed against that object instance, as well as specify the scope of the search. 

As shown in Fig. 15, the quick search tool 618 employs common GUI 
controls such as flie drop-down menus, text boxes, and buttons. The controls arc 

10 arranged logically to support a simple work flow for performing the action of 

specifying an object instance-action pair to be found. In an embodiment, the quick 
search tool 618 includes a tool bar 1510, including a quick search drop-down menu 
selector 1512, an edit element 1514, and a quick search close element 1516. The 
quick search drop-down menu selector 1512 includes a triangular visual element that 

15 may be "clicked" on by a mouse to open or close a quick search drop-down menu 
1518, in a conventional manner. The quick search close element 1516 mcludes an x- 
shaped visual element that may be "clicked" on by a mouse to close flie quick search 
tool 1518, in a conventional manner. 

In one embodiment, the quick search drop-down menu 1518 includes an 

20 object type selection element 1530, a search scope selection element 1532, an 
instance(s) selection element 1534, an action selection element 1536, and a quick 
search initiation element 1538, each of which will now be described. 

The object type selection element 1530 provides a graphical representation of 
the various object types that arc searchable by a user, such as a system administrator. 

25 The number and selection of the various object types that arc displayed by the object 
type selection element 1530 may be preselected, such as by an author of a consoL 
Additionally, the number and selection of the various object types diat are displayed 
by the object type selection element 1530 may vary when either a different console 
1400 or a different workspace 1426 are selected. 

30 The object type selection element 1530 may display the various object types 

for selection in a number of ways. Furthermore, the object type selection element 
1530 may provide any of a number of different mechanisms by which an object type 
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may be selected fix)m the display of the various object types. For example, and 
without limitation, the object type selection elemrat 1530 may display the various 
object types for selection in the fomi of a Ust of objects in a drop-down menu 1610, 
as shown in Fig. 16. A user of the quick search tool may then select a particular 
5 object from the list of objects 1612 by cUcking on a desired object with a mouse. 
Alternatively, the user of the quick search tool could select a particular object from 
the list of objects 1612 using keys on a keyboard. For example, a user could use up 
and down arrow keys on a keyboard to navigate the list of objects 1612. 

Once the user has selected a particular object from the list of objects 1612, 

10 the search scope selection element 1 532 is enabled and may be used to define the 
scope of the desired quick search. In one embodiment, the user may define the 
scope of the search either by entering a desired scope. Alternatively, based on the 
type of object selected, the scope of the search may be defined to reflect an 
appropriate hst of areas within which to search for the object instance the user has 

15 specified. For example, as shown in Fig. 16, the user has selected a user object. If, 
for example, instances of the user object are stored in tiie Active Directory. In such 
a case, the scope of the search may involve selecting the domain in which to search. 
As another example, iffhe instance is stored in a SQL Server database, then the 
scope would most likely be a list of database names. 

20 The search scope selection element 1532 may display the various search 

scopes for selection in a number of ways. Furthermore, the search scope selection 
element 1532 may provide any of a number of different mechanisms by which a, 
search scope may be selected from the display of the various search scopes. For 
example, and without limitation, the search scope selection element may display the 

25 various scopes for selection in the form of a list in a drop-down m^u, in the same 
manner as described above with respect to the object ^e selection element 1530 
shown in Fig. 1 6. A user of the quick search tool 1418 could then select a particular 
scope fiiom the list of scopes by clicking on the desired scope with a mouse. 
AltCTnatively, the user of the quick search tool could select a particiilar scope from 

30 the list of objects using keys on a keyboard. 

As shown in Fig. 17, the object type (User) has been selected, as shown in 
the search scope selection element 1532. Because the instances of this object type 
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are stored in an Active Directory, the scope would be a list of domain names. In the 
example shown in Fig. 17, tiie user has accepted the de&ult domain, Microsoft.com, 
and that scope is shown in the search scope selection el^ent 1532. 

After selecting a particular scope for the search, the user may then select an 
5 instance of the object type specified using the instance selection element 1534, An 
instance of an object type is specific, named object For example if an object is of a 
type type 'User', then the instance will be an actual user. The instance selection 
element 1534 may display tibie various instances for selection in a number of ways. 
Furthermore, the instance selection element 1534 may provide any of a number of 

10 different medianisms by which a instance may be selected fiom tiie display of the 
instances. For example, and without limitation, the instance selection element 1534 
may display the various instances for selection in the form of a list in a drop-down 
menu. Alternatively, the instance selection element 1534 may allow the user to 
input the desired instance(s) manually. For example, as shown in Fig. 17, the user 

15 may type a desired instance(s) into a text box 1710 in the quick search drop-down 
menu 1518. Additionally, by using a delimiter such as a semi colon, the user may 
specify multiple instances. The user may also employ "wildcards," such as an 
asterisk or a question mark, etc., v/bsa specifying instances. Instance names will 
typically be a unique identifier for the object type. For example, if an Active 

20 Directory's user object has been selected the instance name might be a logon name. 
After selecting a particular instance(s) for the search, the user may select 
&om a number of actions that are available for the selected object type, scope, and 
instance(s) using the action selection element 1536. The action selection element 
1536 may display the various actions for selection in a number of ways. 

25 Furthermore, the action selection element 1536 may provide any of a number of 
different mechanisms by which an action may be selected from the display of the 
actions. For example, and without limitation, the action selection element 1536 may 
display flie various instances for selection in the form of a action list in a drop-down 
menu 1810, as shown in Fig. 18 , A user of the quick search tool 1418 could then 

30 select a particular action to be completed from the list of actions by clicking on the 
desired action with a mouse. Altematively, the user of the quick search tool 1418 
could select a particular action from the Ust of actions using keys on a keyboard. 
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The available action list is populated with a list of allowable actions for the 
selected object, again provided to the configuration manager by the resource during 
the installation process. As discussed above, available actions may be segmented 
into static and dynamic tasks. A static action or task is one that the resource knows 
5 will be.associated with all instances of the given object, e.g. the reset password 
action is one that is associated with all user objects and can therefore be labeled as 
static. A dynamic task on the other hand is a task that may or may not be associated 
with a given object depending on its state, e.g. a "disable account" task is one that is 
• only valid for users who's accounts are enabled. If a user's account is already 

10 disabled then the "disable account" task is not displayed in the available actions list, 
e.g., Ust 1014. In an embodiment, the drop down list on the quick search pane is 
populated only with static tasks. Once the results set has been returned and a 
specific object has been selected then the task Mst in the scratch module will be 
populated with both dynamic and static tasks. The tasks are obtained by querying 

IS the task manager, discussed above. 

Once a user has selected an object type, scope, instance(s), and action, the 
search is initiated using quick search initiation element 1538. The quick search 
initiation element 1538 may be displayed in a number of ways. For example, and 
without limitation, the quick search initiation element 1538 may display as a search 

20 button, as shown in Fig. 19. To initiate the search, the user may then cUck on the 
search button 1538. In the example shown in Fig. 19, the search button is labeled 
"Go!" However, it will be understood that other labels are possible to indicate the 
fimction of the search button 1538 (e.g.. Search, Begin, Start, OK, etc.). 

In one embodiment, it is not necessary for the user to select an action with 

25 the action selection element 1536 before a search is initiated. In such a case, if the 
user does not select an action, the results of the search will be retumed for whatever 
object instance(s) has been selected, together with all associated actions. 

When the user selects GO button 1538, a search string is generated and 
embedded in an XML document described above with respect to Table 7. The XML 

30 document is passed to the search management service (an asmx file that exposed the 
search manager object) and then passed directly to tiie search manager 324. The 
search manager 324 parses the queiy string in the XML document to obtain the 

51 
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object type identification. Hie search manage then searches an object type database 
and obtains the XML schema for the provided object type, such as during the 
determine operation 1 106 described above. The search manager tiien inserts the 
query string from the query string XML document into an attribute designated as 
5 quick searchable. 

The resulting XML document has both an object type definition and a search 
string, and this XML document makes up the query that is passed along to the 
resource. This query contains the URL or other identifier for the search handler, as 
specified by the plugin. The search manager 324 reads the value of the search 

10 handler URL and creates a proxy, passing it the URL and the XML query. The 
proxy enables the system to reach the UKL regardless of its location (e.g. behind a 
firewall etc.) as shown in Fig. 10. 

In a particular embodiment, the proxy communicates the query XML 
document to the search handler usmg SOAP as shown in Fig. 10. Altematively, 

15 other communication protocols may be used. In this embodiment, the search handler 
(an asmx file - compiled ASP+) must expose the method ''ExecuteSearch" that takes 
the XML query as a parameter. Once the resource has performed its search it returns 
the results to the search manager by embedding Hbsm in anoflier XML schema and 
returning this XML as a string fi:om the search handle. The search manage 324 

20 parses the file and sends the results set to the user interface which displays them in a 
module that was opened in the consol by the quick search tool 1418 as soon as the 
user selected the GO button 1538. 

Once a quick search has initiated, the results of that search may be displayed 
in a number of different ways in the console 1200. For example, as shown in Fig. 

25 20, the results of the defined search are displayed in tiie module 201 0 in a workspace 
2014 in a work zone 2016 of a consol 2018. As shown in Fig. 20, in an 
embodiment, parameters of the search that have been performed may be displayed as 
a search string 2022 in a window search 2020 located in a search pane 2024 within 
the module 201 0. In such a case, the user may then perform a new or additional 

30 search by modifying the search string 2022 in the search. A search initiation 
element 2026, such as a button, may then be used to start the search. 

Using the above system and method, administrators are able to use a search 
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driven model for locating and woiking with objects, of differing types, without 
havmg to navigate through varying applications will increase user satisfaction and 
productivity. That is, since administrators woik with many different objects of 
differing types, the above system provides a framework that allows an administrator 

5 to work with a specific object or group of objects, without first navigating to the 
application that is associated with the desired object type and then navigating to the 
specific object or group of objects. Instead of requiring the user to navigate to an 
appUcation and then navigate to an object or group of objects, &e above fi:amework 
allows the user to navigate directly to the object or group of objects. Once an 

10 object(s) is located, the user is able to perform all tasks that are associated with that 
object(s). 

Returning now to Fig. 14, as described above, the console 1400 shown 
therem includes an explorer tool 1420. In general, the explorer tool 1420 is a 
navigation tool that is used to show workspaces and modules in the work zone 1414. 

15 The particular workspaces and modules that are shown in the work zone 1414 
dq>end on which workspaces and modules are developed and/or installed for a 
particular console 1400. As shown in Fig. 14, the explorer tool 1420 includes a 
number of graphical display elements that permit the selection of workspaces and 
modules using common GUI controls. 

20 Fig. 21 illustrates an enlarged view of flie explorer tool 1420 shown in Fig. 

14. As shown in Fig. 21, in one embodiment, the explorer tool 1420 includes a tool 
bar 2108, having an explorer drop-down menu selector 21 10, an edit element 2112, 
and a explorer close element 2 1 14. The explorer drop-down menu selector 2110 
includes a triangular visual element 2116 that may be "cUcked" on by a mouse to 

25 opOT or close an explorer drop-down menu 1 3 1 8, in a conventional maimer. The 
explorer close element 21 14 comprises an x-shaped visual element that may be 
"cUcked" on by a mouse to apea or close the explorer tool 1412, in a conventional 
manner. In one embodiment, the edit element 2112 provides functionality for a user 
to add, delete, and/or move workspaces within the explorer. 

30 The explorer drop-down menu 21 18 is operable to display a list of 

workspaces 2120 and modules 2122 associated with the workspaces 2120, as shown 
in Fig. 21 . Each of the workspaces 2120 shown in the explorer drop-down menu 
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21 1 8 includes a triangular element 2124 that may be "clicked*' on by a mouse to 
open or close an drop-down list 21 18 of modules associated with that workspace 
2120. For example, as shown in Fig. 21, the monitors woikspace 2126 displayed in 
the explorer drop-down menu 21 18 has associated therewith a computers module 
5 2128 and an agents workspace 2130. 

In an embodiment, a visual indicator may be associated with a selected 
woikspace and/or module. A number of mechanisms may be employed to indicate a 
particular woikspace and/or module has been selected. For example, as shown in 
Fig. 21, the User Admin workspace 2132 and the associated Admin User module 

10 2134 have been highlighted to show that they have been selected. 

Selection of a particular workspace 2120 in the explore tool 1420 will cause 
that particular workspace to be displayed in the work zone 1414 of the console 1400, 
as shown in Fig. 14. Additionally, selection of a particular module 2122 in the 
explorer tool 1420 will cause that particular module to be displayed in the 

15 workspace 2120 that has been selected. In one embodiment, the first time a 

particular workspace 2120 is selected in this manner, it will be displayed with all 
available modules 2122 open, with the topmost module appearing at the top of the 
selected woikspace 2122. Subsequent times the particular workspace is selected 
£:om the explorer tool 1420, the particular workspace will be displayed in the same 

20 state as it was last viewed. 

There may be any number of explorer tool 1420 taxonomies that define the 
particular workspaces and modules that will E^pear in a given explorer tool 1420, 
and the arrangement of those particular workspaces and modules in a given explorer 
tool 1420. Table 9 illustrates an exemplary explorer tool taxonomy that may be 

25 employed in the management of a nitmber of resources. It should be understood that 
tiie particular taxonomy illustrated in Table 9 is not intended to be exhaustive or 
limiting in any way. The exemplary e?q>lorer tool taxonomy simply provides one 
^cample taxonomy to illustrate how an explorer tool taxonomy may be arranged. 
Table 9 - Example Explorer Tool Taxonomy 
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Turning now to Fig. 22, illustrated therein is an exemplary module 2200 
including a query pane 2210, an object pane 2212, a task pane 2214, and a work 
pane 2216. As shown in Fig. 22, the object pane 2212 includes a list of objects 
5 2218. It is jfrom this list of objects 2218 in the object pane 2212 that aparticular 
object may be selected for access by a user. For example, the object 2220 titled 
"Kristy Wallace" has been selected from the object list 2218 shown in Fig. 22, as 
illustrated by highlighting. 

In response to the selection of the particular object 2220, a list of appUcable 

10 tasks 2222 is displayed in the task pane 2214. Included in the list of applicable tasks 
2222 is a properties task 2224, that has been selected in the task pane, as shown by 
highlighting. In req)onse to the selection of the properties task 2224, the work pane 
221 6 has been populated with a property sheet 2226 associated with the particular 
object 2220 selected in the object pane 2212. 

15 Included in the property sheet 2226 is a Ust of property pages 2228 that are 

associated with the property sheet 2226. Included in the list of property pages 2228 
is a general property page 2224 that has been selected, as shown by highlighting. In 
response to the selection of general property page 2224, the work pane 2216 has 
been populated with a property page 2230 including number of controls for editing 

20 the general property page 2224. In one embodiment, the user may, at this point, 
compare various property sheets for different objects by simply selecting another 
object in the object pane. For example, the user may use the tab key to "tab" 
between the objects in the object pane. In such a case, the property sheet for the 
newly selected object will replace the property sheet of the previously selected 

25 object in the work pane. 

Fig. 23 illustrates a feature of an embodiment of the present invention, 
wherein two or more property pages can be viewed in a single window at the same 
time. The basic layout of the module 2300 shown in Fig. 23 is similar to the module 
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2200 shown in Fig. 22. Howevo", as shown in Fig. 23, the list of tasks 2322 in the 
task pane 2314 includes a compare properties task 2332. The function of the 
compare properties task 2332 is to allow two or more property pages from two or 
more users to be displayed and/or manipulated in the woik pane 2316. 
5 In one embodiment, the selection of multiple property sheets for display 

and/or manipulating in the work pane 2316 may be accomplished as follows. As 
shown in Fig. 23, one or more objects are first selected from this list of objects 2318 
in the object pane 2312. For example, the object 2320 titled "Kristy Wallace" and 
the object 2334 titled "Tim Jones" have been selected from the object list 2318. 

10 In response to the selection of the particular objects 2320 and 2334, a list of 

applicable tasks 2322 has been displayed in the task pane 23 14. Included in the list 
of applicable tasks 2322 is a compare properties task 2332 that has been selected in 
the task pane, as shown by highlighting. In response to the selection of compare 
properties task 2332, a section of the work pane 2316 has been populate with a 

15 property sheet 2326 associated with the object 2320 titled "Kristy Wallace." 
Included in the property sheets 2326 is a list of prop^ pages 2328 that are 
associated with the property sheet 3326. Included in the list of property sheets 2326 
is a gaieral property page 2324 fliat has been selected in the list of property pages 
2328, as shown by highlighting. In response to the selection of general property 

20 page 2324, the work pane 2316 has been populated wifli a general property page 
2330 associated with the "Kristy Wallace" object 2320, as well as a general property 
page 2340 associated with the "Tun Jones" object 2320. Each of the property pages 
includes a number of controls for editing the general property pages 2330 and 2340. 
In the case where more than two objects are selected for comparison, the size 

25 and position of the work pane 2316, as well as the size and position of the property 
sheet and associated property pages may be dynamically adjusted. Additionally, if a 
great numbCT of objects are selected for comparison by a user for display in work 
pane 2316, alternate display elements may be employed to show the property sheet 
and property pages. For example, and without limitation, the various property pages 

30 may be displayed in a tabular fomi in the work pane 23 1 6. 

Although the invention has been described in language specific to structural 
features, methodological acts, and computer readable media containing such acts, it 
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is to be understood that the inventioii defined in the q)pended claims is not 
necessarily limited to the specific structure, acts or media described. Therefore, the 
specific structure, acts or media are disclosed as preferred forms of implementing the 
claimed invention. 
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Claims 

What is claimed is: 

1 . A system for managing a plurality of resources comprising: 

a management module in communication with the plurality of 
resources; the management module capable of receiving a request to access 
information related to one or more of the plurality of resources; and 

in response to the receipt of a request to access information, the 
management module accesses information from more than one resource. 



10 2. A system as defined in claim 1 wherein the management module comprises a 
configuration manager for receiving mformation from a plurality of resources and a 
configuration store for storing predetermined information for the plurality of 
resources. 

15 3. A system as defined in claim 2 wherein the configuration manager installs 
resources such that the management module can modify configuration information 
for the plurality of resources. 



4. A system as defined in claim 3 wh^ein each of the plurality of resources 
20 provides information to the configuration manager in XML format 

5. A system as defined in claim 1 wherein each of the plurality of resources 
manages one or more objects, each object comprising: 

one or more attributes, each attribute having a data field and a value; 
25 one or more associated tasks that may be performed on the object; 

and wherein the management module accesses attribute and task mformation 
fix>m the associated resources in response to a request to access information. 

6. A system as defined in claim 5 wherein the attribute mformation for an 
30 object is provided by more than one resomrce. 



7. A system as defined in claim 6 wherein each object is defined by a property 
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sheet and fhe attribute infoimatioii is a property page in the property sheet 

8. A system as defined in claim 6 wherein the task information for an object is 
provided by more than one resource. 

9. A system as defined in claim 6 wherein each object is defined by a property 
sheet and the task information is in a property page associated with the property 
sheet. 



10 10. A system as defined in claim 6 fiirther conq)rising: 

a configuration manager for receiving and storing information firom a 
plurality of resources relatmg to managed objects; and 

a property sheet manager for receiving and storing property sheet 
information related to managed objects. 

15 

.11. A system as defined in claim 1 fiirther comprising: 

a configuration manager for receiving information firom a plurality of 
resources, each resource having associated objects; 

a configuration store for storing predetermined information for the 
20 plmrality of resources; and 

a search manager adapted to receive predetermined search 
information fi-om a plurality of resources; 

a search data store adapted to store predetermined search information 
for the various resources; and 
25 . wherein the search manager searches the plurality of resources in 

response to a single search request. 



12. A system as defined in claim 1 wherein the management layer fiuther 
comprises: 

30 a configuration manager for receiving information firom a plurality of 

resources, each resource having associated objects; 

a configuration store for storing predetermined information for the 
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plurality of resources; and 

a task manager, wherein the task manager receives task infonnation 
from the configuration manager related to tasks that may be completed in managing 
the plurality of resources. 

5 

13. A method of managing a plurality of resources, each resource having 
managed objects, wherein each of the objects has associated attribute and task 
information, the method comprising: 

receiving infonnation from a first resource related to attribute 
10 information for a first managed object; 

receiving information from a second resource related to attribute 
information for the first managed object, 

storing the information received from the second resource with the 
information received from the first resource in association with the first 
15 managed object; 

receiving a request to access information related to the first managed 
object; and 

accessing stored information fix>m the first and second resources to 
access information related to the first managed object. 

20 

14. A method as defined in claim 13 wherein the infonnation received from the 
first resource comprises a first property page and wherein the infonnation received 
from the second resource comprises a second property page and wherein the method 
fiirther comprises: 

25 creating a property sheet for the first managed object; 

associating the first property page with the property sheet; and 
associating the second property page with the property sheet. 

15. A method as defined in claim 14 fiirther comprising: 

30 receiving a search request from a client computer system; and 

searching a plurality of resoiurces in response to the single search 
request using information associated with the property sheet 
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16. A method as defined in claim 14 further comprising: 

receiving a task request fix>m a client computer system; and 
in response to the task request, requesting task completion from a 
5 plurality of resources. 

17. A method as defined in claim 16 wherein the act of requesting task 
completion from a plurality of resources comprises: 

identifying two or more resources to configure in response to the task 
10 request; and 

performing the task by accessing the two or more resources 
identified. 

perform a task from a client*s computer system. 

15 18. In a distributed network environment having a server computer system and a 
plurality of managed resources, each resource maintaining a plurality of objects, a 
method of representmg at least one of the objects comprising: 

receiving a first schema document tiiat conforms to a property sheet 
definition such that the first schema document defines a property sheet; 
20 receiving a two or more schema documents that conform to a 

property page definition to thereby define a plurality of property pages, 
wherein at least one property page originates from a first resource and at least 
one property page originates from a second resource, the second resource 
being different torn the first resource; 
25 modifying the property sheet to include the received property pages; 

and 

whercin the property sheet reprcsents the object 

19. A method of displaying management information related to managed 
30 resources, each resource having at least one object, each object having associated 
attribute and task information, the method comprising: 

receiving a request to display object information; 
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retrieving attribute and task information, the attribute information and 
the task information originating fix>m different resources; and 

displaying the attribute information and the task information. 



5 20. A method of displaying management information related to network 

resources in a window of a web browser application, each of the networic resources 
having at least one property sheet associated therewith, each property^ sheet 
including one or more property pages: 

requesting property sheets from two or more of the network 
10 resources; and ' 

displaying the retrieved property sheets from each of the two or more 
resources in the window of the web browser application. 

21. A method of managing resources in a distributed network, the method 
15 comprising: 

receiving a query from a client computer system in the distributed 
network; 

accessing a plurality of resources in response to the query; and 
providing management task options related to the query from more 
20 than one resource. 

22. A method of performing a management task, the task modifying information 
associated with one or more back-end resources in a distributed network, the method 
comprising: 

25 receiving information from a first resource related to a first task, the 

first task information for a first managed object of a predetermined object 
type; 

receiving information &om a second resource related to a second task, 
the second task associated with the first managed object; 
30 Storing the information received from the second resource in 

association with the information received from the first resource; 

receiving a request to perform the management task in relation to the 
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first managed object; 

detenniiiing which resource to call in response to the request; and 
sending a task request to the detmnined resource to perform the management task. 

5 23. A method in a computer system for selecting the visual arrangement of 
workspaces and modules in a network management console graphical user interface, 
the console having a first zone operable to display tools and a second zone operable 
to display workspaces and modules, the mettiod comprising: 

receiving a list of workspace names, each workspace name associated 
10 with a workspace; 

displaying an explorer tool in the first zone, the explorer tool 
displaying the list of workspace names; 

receiving &om a user an indication that a first workspace name firom 
the list of workspace names has been selected; and 
15 displaying in the second zone a first workspace associated with the 

first workspace name. 
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